# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: Emotet, Heodo, Geodo

# Reference: https://twitter.com/_lockhum/status/1221213324525867008

66.210.228.178:443
66.210.228.178:80

# Reference: https://twitter.com/_lockhum/status/1221245124707078144

50.252.121.146:85
dvr.petcp.com

# Reference: https://twitter.com/500mk500/status/1221353819059167233

116.247.95.206:443
116.247.95.206:80

# Reference: https://twitter.com/500mk500/status/1221354099058401280

77.230.243.54:75
1c26.dyndns.org

# Reference: https://twitter.com/500mk500/status/1221355282971942914

217.77.171.230:8090

# Reference: https://twitter.com/500mk500/status/1221355851795046400

186.52.202.49:1216
vigilantepadre.dvrdns.org

# Reference: https://twitter.com/500mk500/status/1221359005655805953

201.159.153.38:8080
geracaokids.jflddns.com.br

# Reference: https://twitter.com/500mk500/status/1221360316740775937

190.158.245.105:9022

# Reference: https://twitter.com/_lockhum/status/1221620873779609602

158.255.30.100:443
158.255.30.100:80

# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Emotet#tab=2
# Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Spammer:Win32/Cetsiol.A#tab=2
# Reference: http://www.securityhome.eu/malware/malware.php?mal_id=1193064972549a82b0400072.08119525

ajeyftrjqeashgda.mobi
bardubar.com
cryspellingslaveseducation.eu
distrbilko.pw
labamito.ru
likesomessfortelr.eu
mail.ps4hacked.es
naimjax.ru
qwuyegasd3edarq6yu.org
thehappylattersforallpeopleoftheworld.eu
usportrock.ru
www6067ug.sakura.ne.jp

# Reference: https://pastebin.com/csipUv2z

http://regionsnews.net/OEqhU8Lg5
http://barcounterstools.info/gwzel4FlN0
http://latemia.com.br/obrqY699Rj
http://bestofcareer.com/clwPPAOykd
http://reelcreations.ie/KAqmCDJk
http://seaweldci.com/ADR
http://seilanithih.com.kh/Rfg0JO1
http://sunflowerschoolandcollege.com/ibb/papkaa17/OWFktY http://dealtimer.com/AsIn9 http://abujarealproperties.com/fl http://zippyrooter.com/lvUg6HFdC http://puntoyaparteseguros.com/B9P3zyHmix http://fastinternet.net.au/WDnndUN http://mebel-m.com.ua/HuvTFu8 http://tomas.datanom.fi/testlab/YHMLRXJ http://aliu-rdc.org/QwWKYJxM http://2idiotsandnobusinessplan.com/wC7 http://7naturalessences.com/DFaSvtrS http://hostmktar.com/mP http://benimdunyamkres.com/v0vig1G1 http://alpharockgroup.com/HT http://adminflex.dk/l5TF6w http://gailong.net/X5AyWfJG http://shunji.org/logsite/TJaaB http://binar48.ru/OtTlVIU5 http://tonda.us/nK8Gqwgp8 http://acejapan.net/gTFikCcVIF http://www.finspangonline.se/qpSw0SD http://yazilimextra.com/jHQNAQVM9 http://tpms.net.pl/gXJTQL6qMO http://ysd63.com/xw0jDX http://exclusiv-residence.ro/IuWn6 http://leizerstamp.ir/zqiQcpE http://firstchoicetrucks.net/kCV0l http://olsenelectric.com/zVz4iwC # Reference: https://www.malware-traffic-analysis.net/2018/08/16/index2.html theeunload.website mykeeptake.xyz # Reference: https://www.virustotal.com/#/domain/bizercise.top bizercise.top # Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Doc.Downloader.Emotet-6878774-0) uka.me woelf.in # Reference: https://twitter.com/Cryptolaemus1/status/1113429409946644480 # Reference: https://pastebin.com/raw/DZd2628u 192.186.96.125:8080 83.110.216.26:8443 189.159.103.149:8080 200.126.225.56:8080 189.190.169.221:7080 104.236.135.119:8080 162.243.125.212:8080 217.13.106.160:7080 5.230.147.179:8080 64.13.225.150:8080 94.76.200.114:8080 212.122.71.196:995 174.93.130.148:8443 181.92.117.141:993 133.242.156.30:7080 91.92.191.134:8080 63.77.201.245:443 69.198.17.7:8080 181.39.51.243:993 27.130.153.101:53 187.189.195.208:8443 174.106.108.31:80 60.49.36.149:50000 70.57.82.196:80 62.75.187.192:8080 95.128.43.213:8080 73.217.113.111:80 87.106.139.101:8080 211.63.71.72:8080 173.255.250.241:443 190.161.186.116:80 178.62.37.188:443 
175.100.138.82:22 201.220.152.101:80 208.78.100.202:8080 167.114.210.191:8080 204.184.25.150:143 184.22.6.124:7080 45.33.49.124:443 201.152.34.208:995 85.104.59.244:20 103.12.133.7:8080 203.210.237.200:993 87.106.210.123:80 45.123.3.54:443 173.255.196.209:8080 138.201.140.110:8080 78.186.5.109:443 105.101.6.219:8080 186.4.234.27:443 83.222.124.62:8080 187.198.57.250:7080 147.135.210.39:8080 24.63.218.229:80 50.31.0.160:8080 67.205.149.117:443 # Reference: https://twitter.com/makflwana/status/1085118389633175555 87.207.58.148:20 # Reference: https://twitter.com/pollo290987/status/1114007607352725504 103.12.133.7:8080 104.2.2.153:8080 104.236.135.119:8080 104.236.24.85:443 105.101.6.219:8080 105.225.191.133:80 106.51.237.174:50000 109.104.79.48:8080 109.73.52.242:8080 110.169.107.239:443 114.79.191.12:20 115.254.91.178:7080 115.74.214.134:443 120.63.130.239:465 125.99.106.225:80 133.242.156.30:7080 136.49.87.106:80 138.201.140.110:8080 138.68.139.199:443 139.59.19.157:80 144.76.117.247:8080 147.135.210.39:8080 154.120.228.126:8080 162.243.125.212:8080 165.227.213.173:8080 167.114.210.191:8080 171.101.196.138:80 173.255.196.209:8080 173.255.250.241:443 174.106.108.31:80 174.93.130.148:8443 175.100.138.82:22 176.58.93.123:8080 178.62.37.188:443 179.8.124.11:443 181.118.101.22:8080 181.15.177.100:443 181.16.4.180:80 181.170.252.83:80 181.170.93.38:8080 181.39.51.243:993 181.44.231.127:443 181.56.165.97:53 181.92.117.141:993 182.176.184.81:22 183.82.1.142:7080 184.160.113.4:993 184.22.6.124:7080 184.95.192.237:80 185.191.177.79:143 185.86.148.222:8080 186.139.160.193:8080 186.4.234.27:443 187.153.103.175:443 187.189.195.208:8443 187.189.210.143:80 187.198.57.250:7080 187.228.144.250:143 187.234.36.129:8443 188.51.153.187:993 189.148.145.183:50000 189.150.218.69:8080 189.156.223.10:20 189.159.103.149:8080 189.186.208.24:8443 189.190.169.221:7080 189.208.239.98:443 189.222.167.65:20 189.252.110.239:443 189.252.15.206:443 190.0.32.206:8080 190.104.229.114:8090 
190.117.206.153:443 190.117.82.103:443 190.128.26.2:80 190.146.86.180:443 190.15.198.47:80 190.161.186.116:80 190.18.153.249:80 190.18.219.56:443 190.185.241.151:443 190.186.70.146:21 190.230.219.95:20 190.35.109.41:990 190.36.237.47:8443 190.96.118.53:443 190.97.219.241:80 192.155.90.90:7080 192.163.199.254:8080 192.186.96.125:8080 192.228.158.238:443 197.248.67.226:8080 197.88.12.80:53 200.114.142.40:8080 200.125.190.126:8080 200.126.225.56:8080 201.110.165.146:8443 201.138.11.223:8080 201.146.85.239:22 201.152.34.208:995 201.152.64.25:20 201.165.102.49:443 201.170.241.239:8080 201.220.152.101:80 201.236.95.82:80 201.239.154.191:443 201.97.91.217:443 203.210.237.200:993 204.138.46.166:7080 204.184.25.150:143 208.180.246.147:80 208.78.100.202:8080 209.159.244.240:443 210.2.86.72:8080 211.105.238.226:80 211.63.71.72:8080 212.122.71.196:995 212.31.106.90:22 216.221.73.45:443 217.13.106.160:7080 217.165.84.16:7080 217.165.84.98:20 219.94.254.93:8080 23.254.203.51:8080 24.137.254.148:80 24.63.218.229:80 2.50.4.159:443 27.130.153.101:53 37.209.252.121:80 41.227.243.107:80 41.71.19.150:80 43.229.62.186:8080 45.123.3.54:443 45.33.49.124:443 47.202.17.6:80 50.250.136.225:80 50.31.0.160:8080 51.255.50.164:8080 5.230.147.179:8080 5.9.128.163:8080 59.91.30.53:443 60.49.36.149:50000 61.2.56.167:80 62.75.143.100:7080 62.75.187.192:8080 63.77.201.245:443 64.13.225.150:8080 66.115.90.48:80 66.209.69.165:443 67.205.149.117:443 67.206.210.18:80 67.241.81.253:8443 68.191.37.107:80 69.163.33.82:8080 69.198.17.7:8080 70.184.8.94:80 70.57.82.196:80 71.11.157.249:80 72.47.248.48:8080 73.217.113.111:80 74.36.4.206:80 78.186.5.109:443 80.82.62.9:443 81.134.59.36:8080 81.22.137.186:8080 82.226.163.9:80 82.73.220.225:80 83.110.216.26:8443 83.110.80.67:22 83.222.124.62:8080 85.104.184.242:8080 85.104.59.244:20 87.106.139.101:8080 87.106.210.123:80 88.254.240.194:80 89.188.124.145:443 89.211.193.18:80 91.205.215.57:7080 91.92.191.134:8080 92.154.101.154:50000 92.48.118.27:8080 
94.250.55.138:443 94.76.200.114:8080 95.128.43.213:8080 95.42.189.34:443 96.64.191.13:80 99.243.127.236:80 # Reference: https://twitter.com/ozuma5119/status/1123474884221382656 http://117.196.47.110/teapot/badge/ringin/merge/ # Reference: https://twitter.com/ozuma5119/status/1127619333444730886 tamsuamy.com 66.84.11.168:8080 # Reference: https://twitter.com/P3pperP0tts/status/1135976656751996928 142.4.198.249:7080 162.243.125.212:8080 170.150.11.245:8080 # Reference: https://twitter.com/bry_campbell/status/1164689134012833792 # Reference: https://pastebin.com/raw/7Kq2e1ik 104.131.11.150:8080 104.131.208.175:8080 104.236.151.95:7080 142.93.88.16:443 144.139.247.220:80 159.89.179.87:7080 162.144.119.216:8080 162.243.125.212:8080 170.150.11.245:8080 176.31.200.130:8080 177.242.214.30:80 187.163.180.243:22 195.242.117.231:8080 216.98.148.156:8080 217.13.106.160:7080 31.12.67.62:7080 45.123.3.54:443 45.32.158.232:7080 46.101.142.115:8080 46.105.131.69:443 64.13.225.150:8080 69.45.19.145:8080 70.32.84.74:8080 75.127.14.170:8080 91.83.93.103:7080 # Reference: https://www.virustotal.com/gui/file/09007a7ee335c0556b4a519596b589f55a0451ac540d5bbfd009f58bd9cdeb69/detection # Reference: https://app.any.run/tasks/f78c73cb-c3b2-4ea1-a50e-187a3545eb57/ 176.113.82.144:443 realty4rent.hk # Reference: https://app.any.run/tasks/1c298a26-6a84-425f-bc1e-d37438a3ef58/ /guids/xian/ringin/ # Reference: https://twitter.com/MalwareBlueTeam/status/1171447070307188738 # Reference: https://app.any.run/tasks/ad2a8ad2-884e-4971-93bb-628305633af7/ cwbsa.org greatvacationgiveaways.com ulukantasarim.com # Reference: https://twitter.com/JAMESWT_MHT/status/1173526753308020736 # Reference: https://app.any.run/tasks/d488ee5e-8fac-47b1-b60c-56a6e39dbd89/ 179.24.118.93:990 190.55.39.215:80 190.55.86.138:8443 /ringin/usbccid/ # Reference: https://twitter.com/reecdeep/status/1173858862467883008 179.12.170.88:8080 /ringin/merge/ # Reference: https://twitter.com/Paladin3161/status/1173758599442468864 alldc.pw 
dentalsearchsolutions.com dywanypers.pl keqiang.pro playasrivieramaya.com # Reference: https://twitter.com/SethKingHi/status/1173825828053872641 139.59.242.76:8080 149.202.153.251:8080 159.69.211.211:7080 181.230.126.152:8090 190.13.146.47:443 190.92.103.7:80 192.241.175.184:8080 203.150.19.63:443 216.154.222.52:7080 69.164.216.124:8080 93.78.205.196:443 # Reference: https://twitter.com/killamjr/status/1173960346572378112 59055.cn larissalinhares.com.br robotechcity.com toptarotist.nl xinlou.info # Reference: https://twitter.com/lazyactivist192/status/1173983779981012994 # Reference: https://pastebin.com/ya09DEzC 103.97.95.218:143 104.131.11.150:8080 104.236.246.93:8080 109.104.79.48:8080 109.169.86.13:8080 117.197.124.36:443 123.168.4.66:22 136.243.177.26:8080 138.201.140.110:8080 138.68.106.4:7080 142.44.162.209:8080 144.139.247.220:80 149.202.153.252:8080 149.62.173.247:8080 151.80.142.33:80 159.203.204.126:8080 159.65.241.220:8080 159.65.25.128:8080 162.243.125.212:8080 169.239.182.217:8080 173.212.203.26:8080 175.100.138.82:22 177.246.193.139:20 178.254.6.27:7080 178.62.37.188:443 178.79.161.166:443 178.79.163.131:8080 179.32.19.219:22 179.62.18.56:443 181.143.53.227:21 181.188.149.134:80 181.36.42.205:443 181.81.143.108:80 182.176.106.43:995 182.176.132.213:8090 182.76.6.2:8080 183.82.97.25:80 183.87.87.73:80 185.129.92.210:7080 185.86.148.222:8080 185.94.252.13:443 186.4.172.5:443 186.4.172.5:8080 186.4.194.153:993 186.83.133.253:8080 187.155.233.46:443 187.188.166.192:80 188.166.253.46:8080 189.209.217.49:80 190.1.37.125:443 190.117.206.153:443 190.145.67.134:8090 190.186.203.55:80 190.19.42.131:80 190.200.64.180:7080 190.221.50.210:8080 190.226.44.20:21 190.230.60.129:80 190.53.135.159:21 198.199.106.229:8080 198.199.88.162:8080 200.21.90.6:8080 200.57.102.71:8443 200.58.171.51:80 201.163.74.202:443 201.212.57.109:80 201.250.11.236:50000 203.25.159.3:8080 206.189.98.125:8080 211.63.71.72:8080 212.71.234.16:8080 217.113.27.158:443 217.160.182.191:8080 
217.199.175.216:8080 222.214.218.192:8080 23.92.22.225:7080 31.12.67.62:7080 31.172.240.91:8080 37.157.194.134:443 37.208.39.59:7080 41.220.119.246:80 45.123.3.54:443 45.33.49.124:443 46.105.131.87:80 46.21.105.59:8080 46.29.183.211:8080 5.196.35.138:7080 5.77.13.70:80 59.152.93.46:443 62.210.142.58:8080 62.75.143.100:7080 62.75.187.192:8080 64.13.225.150:8080 75.127.14.170:8080 77.245.101.134:8080 77.55.211.77:8080 78.188.105.159:21 78.24.219.147:8080 79.127.57.42:80 79.143.182.254:8080 80.85.87.122:8080 81.169.140.14:443 85.104.59.244:20 86.42.166.147:80 86.98.25.30:53 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 88.156.97.210:80 88.250.223.190:8080 89.188.124.145:443 91.205.215.57:7080 91.205.215.66:8080 91.83.93.103:7080 91.83.93.124:7080 91.92.191.134:8080 92.222.125.16:7080 92.222.216.44:8080 94.205.247.10:80 95.128.43.213:8080 # Reference: https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/ # Reference: https://otx.alienvault.com/pulse/5d8a324eb4ec65a6ab67f511 62.75.171.248:7080 cia.com.py # Reference: https://twitter.com/reecdeep/status/1179310971761901570 # Reference: https://pastebin.com/stDdCGt8 80.240.141.141:7080 /child/free/ringin/ # Reference: https://www.virustotal.com/gui/file/985c26006ec5b38ff8c77239ccd33f1019918282c4cb50e541a58bcf8267d7bd/detection 67.225.229.55:8080 # Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html 109.104.79.48:8080 109.169.86.13:8080 114.79.134.129:443 119.159.150.176:443 119.59.124.163:8080 119.92.51.40:8080 123.168.4.66:22 138.68.106.4:7080 139.5.237.27:443 149.62.173.247:8080 151.80.142.33:80 159.203.204.126:8080 170.84.133.72:7080 170.84.133.72:8443 178.249.187.151:8080 178.79.163.131:8080 179.62.18.56:443 181.123.0.125:80 181.167.53.209:80 181.188.149.134:80 181.230.212.74:80 181.36.42.205:443 183.82.97.25:80 184.69.214.94:20 185.187.198.10:8080 185.86.148.222:8080 186.0.95.172:80 186.83.133.253:8080 
187.155.233.46:443 187.188.166.192:80 187.199.158.226:443 187.199.158.226:7080 187.235.239.214:8080 189.166.68.89:443 189.187.141.15:50000 190.1.37.125:443 190.104.253.234:990 190.117.206.153:443 190.158.19.141:80 190.200.64.180:7080 190.221.50.210:8080 190.230.60.129:80 190.230.60.129:8080 190.38.14.52:80 200.21.90.6:8080 200.57.102.71:8443 200.58.171.51:80 201.163.74.202:443 201.184.65.229:80 201.214.74.71:80 203.25.159.3:8080 211.229.116.97:80 212.71.237.140:8080 217.113.27.158:443 217.199.160.224:8080 217.199.175.216:8080 23.92.22.225:7080 46.163.144.228:80 46.21.105.59:8080 46.28.111.142:7080 46.29.183.211:8080 46.41.134.46:8080 46.41.151.103:8080 5.196.35.138:7080 5.77.13.70:80 50.28.51.143:8080 51.15.8.192:8080 62.75.143.100:7080 62.75.160.178:8080 71.244.60.230:7080 71.244.60.231:7080 77.245.101.134:8080 77.55.211.77:8080 79.143.182.254:8080 80.240.141.141:7080 80.85.87.122:8080 81.169.140.14:443 86.42.166.147:80 87.106.77.40:7080 88.250.223.190:8080 89.188.124.145:443 91.205.215.57:7080 91.83.93.124:7080 66.228.32.31:443 198.50.170.27:8080 216.98.148.157:8080 101.187.237.217:20 103.255.150.84:80 103.97.95.218:143 104.131.11.150:8080 104.236.246.93:8080 119.15.153.237:80 136.243.177.26:8080 138.201.140.110:8080 142.44.162.209:8080 144.139.247.220:80 149.167.86.174:990 149.202.153.252:8080 159.65.25.128:8080 162.144.47.94:7080 169.239.182.217:8080 173.212.203.26:8080 177.246.193.139:20 178.254.6.27:7080 178.79.161.166:443 179.32.19.219:22 180.183.112.185:21 181.143.194.138:443 181.143.53.227:21 182.176.106.43:995 182.176.132.213:8090 182.76.6.2:8080 185.142.236.163:443 185.94.252.13:443 186.4.172.5:443 186.4.172.5:8080 186.75.241.230:80 187.144.189.58:50000 188.166.253.46:8080 189.209.217.49:80 190.106.97.230:443 190.108.228.48:990 190.145.67.134:8090 190.18.146.70:80 190.186.203.55:80 190.211.207.11:443 190.226.44.20:21 190.228.72.244:53 190.53.135.159:21 199.19.237.192:80 200.21.90.6:80 200.71.148.138:8080 201.251.43.69:8080 206.189.98.125:8080 
211.63.71.72:8080 212.129.24.82:8080 212.71.234.16:8080 217.145.83.44:80 217.160.182.191:8080 222.214.218.192:8080 24.51.106.145:21 27.147.163.188:8080 31.12.67.62:7080 31.172.240.91:8080 37.157.194.134:443 41.220.119.246:80 45.123.3.54:443 45.33.49.124:443 46.105.131.87:80 47.41.213.2:22 5.196.74.210:8080 62.75.187.192:8080 63.142.253.122:8080 77.237.248.136:8080 78.188.105.159:21 78.24.219.147:8080 80.11.163.139:21 80.11.163.139:443 83.136.245.190:8080 85.104.59.244:20 85.106.1.166:50000 86.98.25.30:53 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 88.156.97.210:80 88.247.163.44:80 91.205.215.66:8080 92.222.125.16:7080 92.222.216.44:8080 94.205.247.10:80 95.128.43.213:8080 46.105.131.69:443 176.31.200.130:8080 104.131.58.132:8080 108.179.216.46:8080 110.36.234.146:80 113.52.135.33:7080 115.88.70.226:7080 125.99.61.162:7080 138.197.140.163:8080 139.59.242.76:8080 143.95.101.72:8080 148.240.52.172:80 152.170.220.95:80 162.214.27.219:7080 162.241.232.82:8080 176.58.93.123:80 178.249.187.150:7080 179.62.18.56:443 181.113.229.139:990 181.165.150.211:143 181.230.126.152:8090 181.55.171.237:8080 186.10.16.244:53 186.117.174.26:80 186.29.155.101:50000 186.93.167.147:443 190.117.206.153:443 190.13.146.47:443 190.55.39.215:80 190.55.86.138:8443 190.92.103.7:80 190.96.118.15:443 194.50.163.106:8080 197.211.244.6:443 200.114.134.8:20 201.244.125.210:995 203.150.19.63:443 216.154.222.52:7080 216.70.88.55:8080 41.60.202.26:22 45.33.1.161:8080 46.32.229.152:8080 5.189.148.98:8080 51.38.134.203:8080 70.45.30.28:80 78.109.34.178:443 83.169.33.157:8080 93.78.205.196:443 94.177.253.126:80 178.32.255.133:443 198.46.150.196:7080 # Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html tamariaclinic.com/blog/po22/ a3infra.com/config.charge/92/ kairod.com/4rvg/fg19/ weifanhao.com/wp-admin/mm6zz6158/ aladilauto.com/wp-admin/o273wu4/ marchekit.com/wp-admin/oaxj1/ matteogiovanetti.com/wp-admin/264/ 
fntc-test.xcesslogic.com/wp-content/3b7s9209/ m.alahmads.com/wordpress/h5ut582/ ejob.magnusideas.com/cgi-bin/i5834/ otc-manila.com/wp-admin/q2zht7567/ mti.shipindia.com/wp-admin/css/21nd31328/ wisdomabc.com/css/wm8fu9190/ reportingnew.xyz/wordpress/3f0880/ metaphysicalhub.com/bkp_08092019/9nvo876799/ gg4.devs-group.com/amdcwdp/YPRqWcJFaE/ tlbplanning.org/wp-admin/KqrBgDoSq/ eternalsea.cn/qfpka0q/tPeJNBsE/ banglaay.com/wp-includes/VRVWLAbrjy/ shizizmt.com/jr/633mjf4w8_54d4cu-209964833/ aplikasi.bangunrumah-kita.com/b8kee0mj/0m3l_clo7kkcub-76/ altaikawater.com/wp-admin/4jh8s_sxm6m3eec-441/ antoinegimenez.com/css/hUgHbaEf/ auto-moto-ecole-vauban.fr/wp-admin/ww42_lwln3c-1236328628/ avant2017.amsi-formations.com/prog/skzHGQddV/ cheaptrainticket.cogbiz-infotech.com/cgi-bin/9vsx4g6l_p5x29co-43731795/ gsfcloud.com/fir/qx88b0qgfq_tdpfmobexf-881829012/ fabiogutierrez.com.br/loja/bEZYtLkJGj/ gruasasuservicio.com/cgi-bin/YdFmLIEsIB/ itf.palemiya.com/wp-includes/IIswblOCV/ moda.9l.pl/calendar/HugncgqxUR/ sweetmagazine.org/wp-admin/z0jxuhjao_n6me674y8i-3862/ precisieving.com/wp-admin/db090yl5_bwwmv-86392/ ucomechina.com/wp-content/aVMBsBCy/ your-event.es/mailin/OgXcBNiq/ lensakaca21.com/wp-admin/dBfxiIyp/ ithync.net/wp-includes/tyyYyGS/ blog.coopealbaterense.es/wp-admin/dnf3-nl9qg-869655/ lumiinx.eu/inc/prevents/addtosavedlist/nStxFTJB/ lupusvibes.ca/wp-admin/jnmvgio-dsl-6986784805/ cielouvert.fr/syvhqw1/nkch-nzf59az7e-99571/ demo.magerase.co.uk/wp-admin/wKpBbWmF/ accountingtoindia.com/fhsao/txsp1-fcy9gfh-11178860/ diawan.club/wordpress/ZnbSfWu/ lelecars.it/wp-admin/khrufjms-sijs5jz1e3-532825/ notiwebs.xyz/wordpress/vBfQVN/ ocstudio.tv/wp-admin/qWhNBtEM/ dulich.goasiatravel.com/wp-admin/mCXZnnARx/ www.hellotech.io/fivestar/vHYxCPeDd/ hospitalitysource.co.uk/test/lohXuP/ mobasara13.zahidulzibon.com/hyi/iGIuWmPa/ munishjindal.com/wp-content/tIZtULuZv/ cowabungaindustries.com/cgi-bin/hv3g9x-hkzj-9002618725/ sgiff.com/css/ixuc3k-wus7v022j-4995897081/ thesafeplace.net/wp/AsHrwMT/ # 
# Reference: https://twitter.com/BarryShooshooga/status/1182535664643923968

mayurpai.com
mastersjarvis.com
nyc.rekko.com
lagriffeduweb.com
onickdoorsonline.com

# Reference: https://any.run/report/06f1f3ab993e994fe2b14126c50f009854081f55e52e26d5f0e2a325c5c5280f/e304cf8f-c3e5-4c03-a37d-2eb47266e450

offmaxindia.com

# Reference: https://github.com/silence-is-best/c2db#emotet

69.162.169.173:8080

# Reference: https://twitter.com/D3LabIT/status/1182633589764165640
# Reference: https://app.any.run/tasks/e6e252dc-6a94-4e61-ae21-a581beee5114/
# Reference: https://pastebin.com/zKBnkxqq

http://110.36.234.146
http://191.82.16.60
91.83.93.105:8080
110.36.234.146:80
191.82.16.60:80
91.83.93.105:8080
216.98.148.181:8080
68.183.190.199:8080
190.230.60.129:80
183.82.97.25:80
114.79.134.129:443
89.188.124.145:443
178.79.163.131:8080
76.69.29.42:80
87.106.77.40:7080
178.249.187.151:8080
62.75.143.100:7080
201.163.74.202:443
62.75.160.178:8080
181.188.149.134:80
186.0.95.172:80
217.199.160.224:8080
203.25.159.3:8080
189.160.49.234:8443
190.104.253.234:990
71.244.60.230:7080
159.203.204.126:8080
71.244.60.231:7080
142.93.82.57:8080
46.41.151.103:8080
138.68.106.4:7080
5.1.86.195:8080
149.62.173.247:8080
170.84.133.72:7080
190.230.60.129:8080
190.97.30.167:990
190.85.152.186:8080
200.58.171.51:80
51.15.8.192:8080
190.158.19.141:80
91.83.93.124:7080
139.5.237.27:443
123.168.4.66:22
81.169.140.14:443
187.188.166.192:80
212.71.237.140:8080
186.1.41.111:443
77.245.101.134:8080
181.29.101.13:8080
181.44.166.242:80
185.86.148.222:8080
86.42.166.147:80
190.221.50.210:8080
94.183.71.206:7080
181.36.42.205:443
170.84.133.72:8443
68.183.170.114:8080
79.129.0.173:8080
184.69.214.94:20
189.180.243.255:8080
200.57.102.71:8443
109.104.79.48:8080
185.187.198.10:8080
80.85.87.122:8080
181.143.101.18:8080
119.59.124.163:8080
46.163.144.228:80
50.28.51.143:8080
88.250.223.190:8080
190.38.14.52:80
119.159.150.176:443
5.77.13.70:80
200.51.94.251:143
82.196.15.205:8080
201.199.93.30:443
5.196.35.138:7080
46.28.111.142:7080 125.99.61.162:7080 189.166.68.89:443 151.80.142.33:80 79.143.182.254:8080 119.92.51.40:8080 46.101.212.195:8080 46.29.183.211:8080 91.205.215.57:7080 190.10.194.42:8080 77.55.211.77:8080 109.169.86.13:8080 190.1.37.125:443 # Reference: https://app.any.run/tasks/a30f1cfa-5088-4993-9435-58e2df1791a9/ 181.16.17.210:443 chefchaouen360.com faithmontessorischools.com japanesepdf.com # Reference: https://twitter.com/blackorbird/status/1191185536372920320 46.105.131.68:8080 # Reference: https://medium.com/@vishal_29486/emotet-sep-2019-wk-3-c2i-urls-f3bb8b10e17f http://95.42.189.34/rtm/child/ http://41.227.243.107/child/report/publish/ http://190.18.153.249/json/ http://189.150.218.69/loadan/ http://104.236.135.119/site/tlb/ http://162.243.125.212/schema/loadan/ http://217.13.106.160/teapot/jit/publish/ http://5.230.147.179/guids/img/ http://64.13.225.150/publish/nsip/ http://95.128.43.213/raster/srvc/publish/ http://187.234.36.129/ringin/ http://37.209.252.121/taskbar/schema/publish/enabled/ http://211.63.71.72/xian/vermont/publish/enabled/ http://174.93.130.148/results/enable/publish/ http://83.110.80.67/site/devices/publish/enabled/ http://50.31.0.160/devices/cookies/publish/enabled/ http://175.100.138.82/enabled/dma/ http://190.128.26.2/attrib/odbc/publish/ http://45.123.3.54/ringin/balloon/publish/enabled/ http://78.186.5.109/raster/codec/publish/ http://69.198.17.7/cookies/ http://50.250.136.225/ban/teapot/ http://24.63.218.229/merge/rtm/ http://217.165.84.98/balloon/acquire/ http://106.51.237.174/entries/raster/ http://167.114.210.191/devices/window/publish/ http://45.33.49.124/attrib/ http://147.135.210.39/cone/ http://94.76.200.114/psec/ http://96.64.191.13/devices/ http://190.161.186.116/guids/ http://201.220.152.101/cone/ http://67.205.149.117/balloon/forced/ http://133.242.156.30/badge/loadan/publish/ http://201.152.64.25/walk/free/publish/enabled/ http://70.57.82.196/scripts/add/publish/ http://138.201.140.110/acquire/ 
http://201.236.95.82/mult/ringin/publish/enabled/ http://186.4.234.27/codec/sess/publish/ http://114.79.191.12/merge/ http://190.36.237.47/free/chunk/ http://189.252.110.239/tpt/schema/publish/enabled/ http://190.97.219.241/add/ http://92.154.101.154/between/ http://201.170.241.239/cone/iplk/publish/enabled/ http://85.104.59.244/enable/odbc/publish/enabled/ http://103.12.133.7/loadan/balloon/ http://87.106.139.101/devices/health/publish/enabled/ http://183.82.1.142/merge/splash/publish/ http://212.122.71.196/chunk/ http://87.106.210.123/arizona/ http://62.75.187.192/iab/ http://187.189.195.208/psec/scripts/ http://201.146.85.239/sess/merge/ http://83.222.124.62/badge/enabled/ http://173.255.250.241/usbccid/ http://189.222.167.65/srvc/between/ http://173.255.196.209/nsip/entries/publish/enabled/ http://63.77.201.245/pnp/child/ http://178.62.37.188/srvc/guids/publish/ http://208.78.100.202/pdf/ http://91.92.191.134/scripts/ http://95.42.189.34/json/ http://125.99.106.225/forced/loadan/publish/ http://41.227.243.107/merge/ http://47.41.213.2/between/ban/ http://206.189.98.125/child/json/free/ http://200.21.90.6/raster/ http://187.163.222.244/forced/ http://186.4.234.27/devices/window/free/enabled/ http://190.97.219.241/report/enabled/free/ http://87.106.136.232/tlb/usbccid/ http://213.14.166.152/merge/entries/free/ http://125.99.106.226/guids/ http://60.48.253.12/child/ http://187.189.195.208/acquire/guids/free/enabled/ http://92.154.101.154/enabled/report/free/ http://189.209.217.49/child/results/free/enabled/ http://41.220.119.246/child/forced/ http://217.13.106.160/scripts/arizona/ http://188.166.253.46/jit/loadan/free/ http://162.243.125.212/merge/ http://75.127.14.170/guids/xian/ http://159.65.25.128/arizona/ringin/free/enabled/ http://190.72.136.214/site/srvc/ http://50.99.132.7/badge/publish/ http://50.31.0.160/ringin/chunk/free/enabled/ http://31.172.240.91/dma/schema/free/ http://104.236.99.225/teapot/vermont/free/enabled/ 
http://46.101.142.115/between/prov/free/enabled/ http://222.214.218.136/taskbar/enable/free/ http://201.199.89.223/walk/ http://85.104.59.244/tlb/cookies/ http://190.25.255.98/site/badge/free/ http://190.145.67.134/balloon/cab/ http://216.98.148.156/iab/health/free/ http://45.123.3.54/prov/site/free/enabled/ http://24.139.205.186/raster/teapot/free/enabled/ http://78.186.5.109/devices/walk/ http://136.243.177.26/json/acquire/free/enabled/ http://120.150.236.64/pdf/raster/free/ http://181.189.213.231/cab/window/free/enabled/ http://187.225.213.90/stubs/enabled/free/ http://88.21.212.13/img/ http://190.75.47.24/enabled/ http://178.152.78.149/enabled/cone/ http://39.61.34.254/balloon/guids/free/enabled/ http://182.176.132.213/mult/symbols/free/ http://138.201.140.110/merge/results/free/ http://186.144.64.31/schema/tlb/free/enabled/ http://91.74.62.86/prep/loadan/ http://178.79.161.166/results/free/free/ http://147.135.210.39/ringin/ http://144.139.247.220/symbols/ http://222.214.218.192/schema/srvc/ http://69.45.19.145/merge/publish/ http://201.220.152.101/iplk/chunk/ http://186.4.167.166/scripts/attrib/free/ http://84.241.10.111/taskbar/prov/free/enabled/ http://162.144.119.216/child/ http://142.93.88.16/splash/ http://31.12.67.62/enabled/cookies/free/enabled/ http://91.83.93.103/cone/ http://104.131.208.175/ringin/ http://62.75.187.192/site/balloon/ http://177.242.214.30/symbols/site/ http://211.248.17.209/usbccid/walk/free/enabled/ http://195.242.117.231/cookies/acquire/free/ http://87.106.139.101/entries/merge/free/ http://94.76.200.114/cookies/sym/free/ http://179.32.19.219/publish/ http://200.85.46.122/acquire/entries/free/ http://169.239.182.217/prov/cone/free/enabled/ http://190.25.255.98/enable/taskbar/free/ http://104.131.11.150/srvc/ http://201.238.152.20/iplk/results/free/ http://190.83.191.92/raster/forced/ http://78.24.219.147/symbols/arizona/ http://179.14.2.75/psec/pdf/free/enabled/ http://59.103.164.174/glitch/nsip/free/ 
http://71.244.60.230/loadan/sess/free/ http://190.128.26.2/nsip/publish/free/ http://182.176.94.236/pdf/iab/free/enabled/ http://87.230.19.21/pnp/schema/ http://175.100.138.82/badge/vermont/ http://117.218.17.6/loadan/prov/ http://91.205.215.66/pdf/enable/free/ http://187.163.180.243/enabled/iplk/free/enabled/ http://211.63.71.72/report/badge/ http://190.25.255.98/usbccid/cab/free/ http://64.13.225.150/xian/health/free/ http://181.129.30.82/enabled/ http://46.105.131.87/glitch/ http://66.84.11.168/cone/teapot/free/enabled/ http://182.176.94.236/acquire/ http://80.1.76.46/acquire/ http://77.56.253.112/psec/ http://212.71.234.16/merge/ http://95.128.43.213/xian/enabled/free/enabled/ http://167.114.210.191/taskbar/between/free/enabled/ http://177.246.193.139/usbccid/glitch/ http://178.62.37.188/publish/child/ http://174.136.14.100/sym/taskbar/free/ http://78.188.7.213/enabled/report/ http://104.236.246.93/cab/results/free/ http://45.33.49.124/acquire/ http://47.41.213.2/acquire/ http://206.189.98.125/psec/ http://200.21.90.6/walk/xian/free/enabled/ http://187.163.222.244/usbccid/ http://186.4.234.27/symbols/ http://190.97.219.241/arizona/ringin/free/enabled/ http://87.106.136.232/loadan/srvc/ http://213.14.166.152/bml/publish/free/ http://125.99.106.226/add/chunk/free/ http://60.48.253.12/raster/schema/free/enabled/ http://187.189.195.208/rtm/attrib/ http://92.154.101.154/iplk/prov/free/enabled/ http://189.209.217.49/walk/enable/ http://41.220.119.246/enabled/iplk/free/ http://217.13.106.160/child/psec/ http://188.166.253.46/json/dma/free/ http://162.243.125.212/report/odbc/free/ http://75.127.14.170/tpt/balloon/free/enabled/ http://159.65.25.128/splash/splash/free/ http://190.72.136.214/forced/pnp/free/ http://50.99.132.7/ban/ http://50.31.0.160/raster/json/free/enabled/ http://31.172.240.91/splash/raster/free/ http://104.236.99.225/free/scripts/free/enabled/ http://46.101.142.115/usbccid/merge/ http://222.214.218.136/jit/enabled/free/enabled/ 
http://201.199.89.223/arizona/between/ http://85.104.59.244/taskbar/glitch/free/ http://190.25.255.98/iab/taskbar/free/enabled/ http://190.145.67.134/raster/report/free/ http://216.98.148.156/ringin/ http://45.123.3.54/report/forced/ http://24.139.205.186/srvc/ http://78.186.5.109/free/add/ http://136.243.177.26/psec/stubs/ http://120.150.236.64/guids/ringin/free/ http://181.189.213.231/usbccid/ http://187.225.213.90/iab/publish/free/ http://88.21.212.13/symbols/ http://190.75.47.24/arizona/attrib/free/enabled/ http://178.152.78.149/results/prov/free/ http://39.61.34.254/acquire/iplk/free/ http://182.176.132.213/devices/ http://138.201.140.110/sym/ http://186.144.64.31/publish/ http://91.74.62.86/cone/ http://178.79.161.166/arizona/site/free/enabled/ http://147.135.210.39/arizona/tpt/free/enabled/ http://144.139.247.220/scripts/rtm/pdf/enabled/ http://222.214.218.192/psec/ http://69.45.19.145/sym/ http://201.220.152.101/xian/window/pdf/enabled/ http://186.4.167.166/window/enabled/pdf/ http://84.241.10.111/scripts/ http://162.144.119.216/enable/ http://142.93.88.16/attrib/ http://31.12.67.62/child/child/ http://91.83.93.103/symbols/guids/pdf/ http://104.131.208.175/rtm/report/pdf/enabled/ # Reference: https://any.run/report/55dfe66f79cd29e7d145b2ac8737753c5450f635660e66b5776e97cbe8c1a76c/e8aa6541-b117-4e28-9b0a-7e45587b67d9 191.100.24.201:50000 193.34.144.138:8080 74.208.173.91:8080 46.105.131.68:8080 152.169.32.143:8080 # Reference: https://any.run/report/3cf19ad5c06f025712300a4e93219e0faa35475402fae323b4daa4bbe1ba7bef/eebb6b29-c512-4502-96ea-fafedfd21ecb 189.252.102.40:8080 # Reference: https://any.run/report/90fb407e71334f7ca323d9f6537706d54cafed3bf9538799b79b89658ae067ee/b893ddb7-d8ff-4994-8a7a-644851c4fced 85.234.143.94:8080 204.225.249.100:8080 178.249.187.151:8080 # Reference: https://any.run/report/603d002fe4cd0bd24f19036d9885877062233ffb32309c510f10e86ac1bc9f38/b492d8c0-56ed-48ea-b10e-1147c848753b 104.239.175.211:8080 67.225.179.64:8080 183.102.238.69:465 # 
# Reference: https://twitter.com/malware_traffic/status/1196554607658459136
# Reference: https://app.any.run/tasks/1496c35f-f44a-4913-b7de-847a421bdfe1/
# Reference: https://www.virustotal.com/gui/ip-address/144.76.56.36/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.156.35.235/relations

144.76.56.36:8080
65.23.154.17:8080
94.156.35.235:443

# Reference: https://pastebin.com/5iAUEP7J

jameslotz.com/wp-admin/k3s20753/
monitoring.bactrack.com/wp-content/cmdz7/
enegix.com/pytosj2jd/v9s7ze3/
jaafarattar.com/pytosj2jd/2re2j5773/
iruainvestments.com/pytosj2jd/0nc76zs40663/
handbookforfairygodmothers.com/yjlsdsd/k3/
yummybox.uk/wp-admin/7Q/
scrapy999.com/cgi-bin/g1oi/
bunifood.com/pytosj2jd/pazg/
eurobizconsulting.it/cgi-bin/9q6ty/

# Reference: https://app.any.run/tasks/68191492-99f0-464f-bb25-dd4f006c2c64/

http://momo2.test.zinimedia.com/medias/2wgtpu56548/

# Reference: https://app.any.run/tasks/dd109624-8140-4935-a10f-da93f909b3cf/

http://astrametals.com/wp-content/im24279/

# Reference: https://app.any.run/tasks/c1a626cf-c6e1-4405-8893-b45fe2b08323/
# Reference: https://app.any.run/tasks/27f879de-fbd3-4b44-89b3-67955cc78a71/

109.169.86.13:8080
125.99.61.162:7080
142.93.114.137:8080
149.62.173.247:8080
154.120.227.206:8080
159.203.204.126:8080
170.130.31.177:8080
172.104.233.225:8080
178.79.163.131:8080
182.48.194.6:8090
186.23.132.93:990
190.146.131.105:8080
190.195.129.227:8090
190.210.184.138:995
190.97.30.167:990
201.190.133.235:8080
203.25.159.3:8080
212.71.237.140:8080
213.189.36.51:8080
217.199.160.224:8080
50.28.51.143:8080
51.255.165.160:8080
62.75.160.178:8080
68.183.170.114:8080
68.183.190.199:8080
70.32.78.99:8080
77.55.211.77:8080
80.85.87.122:8080
81.213.215.216:50000
87.106.77.40:7080
87.118.70.69:8080
88.250.223.190:8080
91.204.163.19:8090
91.205.215.57:7080
91.83.93.124:7080
92.169.250.229:8080
94.183.71.206:7080

# Reference: https://app.any.run/tasks/810d6543-148f-4b1e-8266-b7bf63fb3f18/

209.97.168.52:8080
217.149.241.121:8080
31.47.234.186:8080 31.47.234.186:8080 37.187.2.199:443 46.101.7.140:8080 50.116.86.205:8080 69.64.67.20:8080 # Reference: https://www.virustotal.com/gui/domain/kids-education-support.com/relations kids-education-support.com # Reference: https://www.virustotal.com/gui/file/811fa8cd3dfb73070dc5c2f646c3b009944c6b4353cbf72a2355986606b1a7a0/detection 185.189.58.222:5050 92.63.197.59:5050 # Reference: https://pastebin.com/LdXdyCGQ 212.71.234.16:8080 78.47.106.72:8080 165.227.156.155:443 192.241.255.77:8080 181.57.193.14:80 86.22.221.170:80 37.187.2.199:443 179.12.170.148:8080 95.128.43.213:8080 59.103.164.174:80 152.89.236.214:8080 78.24.219.147:8080 190.226.44.20:21 104.236.246.93:8080 190.145.67.134:8090 104.239.175.211:8080 46.105.131.87:80 144.139.247.220:80 83.136.245.190:8080 171.101.153.86:990 190.211.207.11:443 104.131.44.150:8080 189.209.217.49:80 186.4.172.5:443 87.106.136.232:8080 87.106.139.101:8080 94.205.247.10:80 181.143.194.138:443 200.71.148.138:8080 186.4.172.5:20 62.75.187.192:8080 169.239.182.217:8080 92.222.216.44:8080 192.241.220.155:8080 87.230.19.21:8080 80.11.163.139:21 182.176.132.213:8090 31.172.240.91:8080 37.157.194.134:443 31.12.67.62:7080 190.53.135.159:21 191.92.209.110:7080 138.201.140.110:8080 45.33.49.124:443 103.39.131.88:80 167.71.10.37:8080 167.99.105.223:7080 85.104.59.244:20 115.78.95.230:443 186.75.241.230:80 67.225.179.64:8080 181.31.213.158:8080 104.131.11.150:8080 212.129.24.79:8080 217.160.182.191:8080 211.63.71.72:8080 159.65.25.128:8080 173.212.203.26:8080 5.196.74.210:8080 183.102.238.69:465 186.4.172.5:8080 178.79.161.166:443 192.81.213.192:8080 176.31.200.130:8080 178.210.51.222:8080 173.249.47.77:8080 91.205.215.66:8080 149.202.153.252:8080 # Reference: https://twitter.com/tkanalyst/status/1199711428082425857 # Reference: https://app.any.run/tasks/4f792e29-48b8-40ae-9e11-6f29c3ac7204/ 104.236.137.72:8080 172.104.233.225:8080 # Reference: https://twitter.com/malware_traffic/status/1199754976748359680 178.63.78.150:8080 
192.161.190.171:8080 80.93.48.49:7080 # Reference: https://twitter.com/malware_traffic/status/1199787380477235201 149.202.153.251:8080 222.239.249.166:443 50.63.13.135:8080 80.211.32.88:8080 82.145.43.153:8080 92.119.123.10:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1200047745307951105 # Reference: https://pastebin.com/raw/Sk3z09G0 116.48.142.21:443 12.229.155.122:80 120.150.246.241:80 121.175.14.59:990 125.230.36.147:443 128.65.154.183:443 144.139.56.105:80 164.68.101.171:80 165.228.24.197:80 172.90.70.168:443 177.103.201.23:80 187.144.236.211:443 187.250.92.82:80 190.101.87.170:80 195.244.215.206:80 197.254.221.174:80 2.38.99.79:80 202.226.238.55:80 220.146.36.244:80 41.218.118.66:80 47.187.70.124:443 5.88.182.250:80 72.27.212.209:8080 77.211.249.124:80 77.241.53.234:80 78.15.114.100:80 81.213.145.45:443 85.105.183.228:443 91.73.197.90:80 95.219.199.225:80 # Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/ # Reference: https://www.virustotal.com/gui/ip-address/190.12.119.180/relations 190.12.119.180:443 # Reference: https://twitter.com/Cryptolaemus1/status/1200388377805279232 # Reference: https://pastebin.com/raw/tKXqac1m 101.187.247.29:80 107.2.2.28:80 109.166.89.91:80 110.143.18.92:80 116.48.138.115:80 118.200.218.193:443 118.201.230.249:80 122.11.164.183:80 186.215.101.106:80 187.233.220.93:443 189.180.105.125:443 190.12.119.180:443 195.191.107.67:80 197.90.159.42:80 200.71.193.220:443 201.183.251.100:80 211.218.105.101:80 213.179.105.214:8080 47.50.251.130:80 60.53.3.153:8080 80.21.182.46:80 80.29.54.20:80 83.110.107.243:443 85.130.127.2:80 98.196.49.107:80 # Reference: https://twitter.com/peric0/status/1200535559615201285 # Reference: https://app.any.run/tasks/92158989-24e1-43df-9cc1-958aadacdce8/ 31.41.221.148:80 5.63.8.237:443 88.198.60.25:80 95.216.124.146:443 artnkrafts.com arvinhayat.com mototorg.com peruorganiconatural.com primekala.com # Reference: https://twitter.com/luc4m/status/1201929340717547520 # 
Reference: https://pastebin.com/tk8Wj4ya 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 110.143.18.92:80 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 121.175.14.59:990 125.99.61.162:7080 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 14.160.93.230:80 142.127.57.63:8080 142.93.114.137:8080 144.139.56.105:80 149.62.173.247:8080 154.120.227.206:8080 159.203.204.126:8080 163.172.40.218:7080 172.104.233.225:8080 178.79.163.131:8080 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 181.36.42.205:443 181.61.143.177:80 182.48.194.6:8090 183.82.97.25:80 185.86.148.222:8080 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 189.173.113.67:443 190.102.226.91:80 190.146.131.105:8080 190.17.42.79:80 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 190.38.14.52:80 190.4.50.26:80 190.97.30.167:990 191.103.76.34:443 2.38.99.79:80 200.113.106.18:80 200.123.101.90:80 200.124.225.32:80 200.58.83.179:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 203.130.0.69:80 203.25.159.3:8080 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 213.189.36.51:8080 217.199.160.224:8080 37.132.193.19:8080 45.79.95.107:443 46.101.212.195:8080 46.28.111.142:7080 47.146.42.234:80 47.187.70.124:443 5.196.35.138:7080 50.28.51.143:8080 51.255.165.160:8080 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 77.241.53.234:80 77.55.211.77:8080 80.29.54.20:80 80.85.87.122:8080 81.213.215.216:50000 82.196.15.205:8080 82.8.232.51:80 85.234.143.94:8080 86.42.166.147:80 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.204.163.19:8090 91.205.215.57:7080 91.83.93.124:7080 95.179.195.74:80 96.20.84.254:7080 98.196.49.107:80 # Reference: https://app.any.run/tasks/5275f984-a656-41d5-b031-496accf03e4b/ 105.227.58.49:80 # Reference: https://pastebin.com/jfsfQ6Cq 1.32.54.12:8080 103.122.75.218:80 103.9.145.19:8080 
110.142.161.90:80 113.52.135.33:7080 115.179.91.58:80 119.159.150.176:443 122.11.164.183:80 123.142.37.165:80 124.150.175.129:8080 124.150.175.133:80 138.197.140.163:8080 142.93.87.198:8080 143.95.101.72:8080 152.169.32.143:8080 162.144.46.90:8080 163.172.97.112:8080 172.104.70.207:8080 172.105.213.30:80 172.90.70.168:443 174.57.150.13:8080 176.58.93.123:80 177.103.201.23:80 178.134.1.238:80 181.197.108.171:443 181.44.166.242:80 181.47.235.26:993 182.176.116.139:995 186.215.101.106:80 186.66.224.182:990 187.177.155.123:990 187.233.220.93:443 187.250.92.82:80 188.230.134.205:80 189.225.211.171:443 189.61.200.9:443 190.101.87.170:80 190.161.67.63:80 190.171.135.235:80 190.189.79.73:80 190.5.162.204:80 191.100.24.201:50000 192.161.190.171:8080 192.163.221.191:8080 192.210.217.94:8080 192.241.220.183:8080 193.33.38.208:443 195.191.107.67:80 198.57.217.170:8080 200.71.112.158:53 201.183.251.100:80 201.196.15.79:990 210.111.160.220:80 210.224.65.117:80 211.218.105.101:80 212.112.113.235:80 212.129.14.27:8080 216.75.37.196:8080 221.154.59.110:80 23.253.207.142:8080 24.27.122.202:80 24.28.178.71:80 37.59.24.25:8080 41.218.118.66:80 41.77.74.214:443 45.129.121.222:443 46.105.128.215:8080 46.105.131.68:8080 46.17.6.116:8080 5.189.148.98:8080 50.116.78.109:8080 51.38.134.203:8080 58.93.151.148:80 60.53.3.153:8080 67.171.182.231:80 67.254.196.78:443 69.30.205.162:7080 72.27.212.209:8080 72.69.99.47:80 77.245.12.212:80 78.186.102.195:80 78.46.87.133:8080 81.213.145.45:443 81.82.247.216:80 82.79.244.92:80 83.110.107.243:443 83.156.88.159:80 83.99.211.160:80 85.105.183.228:443 85.109.190.235:443 86.6.123.109:80 89.215.225.15:80 91.117.31.181:80 95.216.207.86:7080 95.216.212.157:8080 98.15.140.226:80 # Reference: https://twitter.com/Jouliok/status/1204348553117798400 # Reference: https://app.any.run/tasks/af64addf-eaec-4936-8ae1-49de48511547/ bigbizyou.fr # Reference: https://www.virustotal.com/gui/file/d7fa60d982e84f82f1e310801990591ad9d518921d338e0d6045555cd9a55abb/detection 
http://12.176.19.218 # Reference: https://twitter.com/luc4m/status/1204102158012100608 # Reference: https://pastebin.com/B5R4ggig 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 125.99.61.162:7080 130.45.45.31:80 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 14.160.93.230:80 142.127.57.63:8080 142.93.114.137:8080 144.139.56.105:80 144.2.165.179:80 149.135.123.65:80 149.62.173.247:8080 159.203.204.126:8080 163.172.40.218:7080 172.104.233.225:8080 178.79.163.131:8080 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 181.36.42.205:443 181.61.143.177:80 183.82.97.25:80 185.160.212.3:80 185.86.148.222:8080 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 190.102.226.91:80 190.146.131.105:8080 190.17.42.79:80 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 190.38.14.52:80 190.4.50.26:80 190.97.30.167:990 191.103.76.34:443 2.139.158.136:443 2.38.99.79:80 2.44.167.52:80 200.119.11.118:443 200.123.101.90:80 200.124.225.32:80 200.58.83.179:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 202.186.240.165:8080 203.130.0.69:80 203.25.159.3:8080 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 217.199.160.224:8080 37.183.121.32:80 45.50.177.164:80 45.79.95.107:443 46.101.212.195:8080 46.28.111.142:7080 47.146.42.234:80 47.187.70.124:443 5.196.35.138:7080 5.88.27.67:8080 50.28.51.143:8080 51.255.165.160:8080 58.171.181.213:80 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.129.203.162:443 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 77.241.53.234:80 77.55.211.77:8080 79.31.85.103:80 80.29.54.20:80 80.85.87.122:8080 82.196.15.205:8080 82.8.232.51:80 83.165.163.225:80 85.234.143.94:8080 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.204.163.19:8090 91.205.215.57:7080 91.83.93.124:7080 93.67.154.252:443 95.179.195.74:80 
96.126.121.64:443 96.20.84.254:7080 96.61.113.203:80 98.196.49.107:80 # Reference: https://app.any.run/tasks/3f80a1bc-55d1-444b-9000-327db827ef8a cigpcl.com http://85.152.208.146 http://68.174.15.223 # Reference: https://twitter.com/Sentry_23/status/1204371815591817216 162.241.92.219:8080 # Reference: https://twitter.com/luc4m/status/1204453473015586816 # Reference: https://pastebin.com/LPpTsymc 2.44.167.52:80 2.139.158.136:443 5.88.27.67:8080 5.196.35.138:7080 14.160.93.230:80 37.183.121.32:80 45.50.177.164:80 45.79.95.107:443 46.28.111.142:7080 46.101.212.195:8080 47.146.42.234:80 47.187.70.124:443 50.28.51.143:8080 51.255.165.160:8080 58.171.181.213:80 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.129.203.162:443 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 76.221.133.146:80 77.55.211.77:8080 77.241.53.234:80 79.31.85.103:80 80.29.54.20:80 80.85.87.122:8080 82.8.232.51:80 82.196.15.205:8080 83.165.163.225:80 85.234.143.94:8080 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.83.93.124:7080 91.204.163.19:8090 91.205.215.57:7080 93.67.154.252:443 95.179.195.74:80 96.20.84.254:7080 96.61.113.203:80 96.126.121.64:443 98.196.49.107:80 104.33.129.244:80 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 125.99.61.162:7080 130.45.45.31:80 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 142.93.114.137:8080 142.127.57.63:8080 144.2.165.179:80 144.139.56.105:80 149.62.173.247:8080 149.135.123.65:80 159.203.204.126:8080 163.172.40.218:7080 172.90.70.168:8080 172.104.233.225:8080 178.79.163.131:8080 181.36.42.205:443 181.61.143.177:80 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 183.82.97.25:80 184.184.202.167:443 185.86.148.222:8080 185.160.212.3:80 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 190.4.50.26:80 190.17.42.79:80 190.38.14.52:80 
190.97.30.167:990 190.102.226.91:80 190.146.131.105:8080 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 191.103.76.34:443 200.58.83.179:80 200.119.11.118:443 200.123.101.90:80 200.124.225.32:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 202.186.240.165:8080 203.25.159.3:8080 203.130.0.69:80 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 217.199.160.224:8080 # Reference: https://twitter.com/pollo290987/status/1205363829678518273 /fhdr1acb63nl723f_9uy53v64/index.php # Reference: https://twitter.com/malware_traffic/status/1205171614788313101 96.234.38.186:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1205506348936548353 # Reference: https://pastebin.com/KaWyyr31 1.33.230.137:80 100.14.117.137:80 101.187.134.207:443 101.187.247.29:80 103.86.49.11:8080 104.131.11.150:8080 104.131.44.150:8080 104.236.246.93:8080 104.237.155.168:443 105.227.35.51:80 107.170.24.125:8080 107.2.2.28:80 108.179.206.219:8080 108.191.2.72:80 110.142.38.16:80 110.143.57.109:80 110.143.84.202:80 116.48.142.21:443 12.176.19.218:80 12.229.155.122:80 120.150.246.241:80 128.65.154.183:443 138.59.177.106:443 139.130.241.252:443 144.139.247.220:80 149.202.153.252:8080 159.65.25.128:8080 165.227.156.155:443 165.228.24.197:80 167.114.242.226:8080 167.71.10.37:8080 167.99.105.223:7080 169.239.182.217:8080 173.91.11.142:80 176.106.183.253:8080 176.31.200.130:8080 178.209.71.63:8080 178.210.51.222:8080 179.13.185.19:80 181.57.193.14:80 182.176.132.213:8090 183.102.238.69:465 183.102.238.69:80 186.67.208.78:8080 186.75.241.230:80 188.152.7.140:80 189.209.217.49:80 190.12.119.180:443 190.147.215.53:22 190.220.19.82:443 190.226.44.20:21 190.53.135.159:21 192.241.255.77:8080 195.244.215.206:80 197.254.221.174:80 2.235.190.23:8080 2.38.99.79:80 200.7.243.108:443 201.173.217.124:443 201.184.105.242:443 201.251.133.92:443 206.189.112.148:8080 206.81.10.215:8080 206.81.10.215:80 209.141.54.221:8080 209.97.168.52:8080 210.6.85.121:80 211.63.71.72:8080 
212.129.24.79:8080 212.64.171.206:80 217.160.182.191:8080 218.44.21.114:80 24.45.193.161:7080 31.131.182.30:80 31.172.240.91:8080 31.31.77.83:443 37.157.194.134:443 37.59.24.177:8080 45.33.49.124:443 45.51.40.140:80 45.56.88.91:443 46.105.131.87:80 47.156.70.145:80 47.6.15.79:443 47.6.15.79:80 5.196.74.210:8080 5.88.182.250:80 50.116.86.205:8080 58.171.42.66:8080 59.103.164.174:80 61.197.110.214:80 62.75.187.192:8080 64.147.15.138:80 64.53.242.181:8080 66.34.201.20:7080 66.76.63.99:80 67.225.179.64:8080 68.118.26.116:80 70.175.171.251:80 73.11.153.178:8080 73.176.241.255:80 73.214.99.25:80 74.105.102.97:8080 75.80.148.244:80 78.24.219.147:8080 80.21.182.46:80 81.0.63.86:8080 82.155.161.203:80 83.136.245.190:8080 85.72.180.68:80 86.98.156.239:443 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 91.205.215.66:8080 91.73.197.90:80 92.222.216.44:8080 93.147.141.5:80 95.128.43.213:8080 98.24.231.64:80 # Reference: https://twitter.com/VK_Intel/status/1206497909858078720 # Reference: https://www.virustotal.com/gui/file/de8f44a132a0968356621c69413840b6b259e1d8c7c0708cda5e3b62be4eb787/detection 91.121.89.129:8443 # Reference: https://twitter.com/matte_lodi/status/1207575386835607552 http://63.248.198.8 proyectoin.com # Reference: https://twitter.com/malware_traffic/status/1208205659466092544 24.181.125.62:80 # Reference: https://pastebin.com/4VENH618 1.215.28.101:8080 1.217.126.11:443 1.221.254.82:80 100.14.117.137:80 101.187.134.207:443 101.187.247.29:80 103.108.146.195:80 103.86.49.11:8080 104.131.11.150:8080 104.131.44.150:8080 104.131.58.132:8080 104.137.176.186:80 104.236.137.72:8080 104.236.246.93:8080 105.209.235.113:8080 107.170.24.125:8080 108.179.206.219:8080 108.184.9.44:80 108.191.2.72:80 108.20.69.44:80 109.169.86.13:8080 110.142.161.90:443 110.142.161.90:80 110.142.38.16:80 110.143.84.202:80 110.170.65.146:80 110.2.118.164:80 112.186.195.176:80 112.218.134.227:80 113.190.254.245:80 113.52.135.33:7080 113.61.76.239:80 114.109.179.60:80 
114.179.127.48:80 115.179.91.58:80 116.48.142.21:443 118.36.70.245:80 119.59.124.163:8080 12.176.19.218:80 120.150.246.241:80 120.150.247.164:80 120.151.135.224:80 120.51.83.89:443 121.88.5.176:443 122.116.104.238:7080 124.150.175.129:8080 124.150.175.133:80 125.99.61.162:7080 128.65.154.183:443 136.243.250.34:8080 138.122.5.214:8080 138.197.140.163:8080 138.59.177.106:443 138.68.106.4:7080 139.130.241.252:443 139.130.242.43:80 139.162.118.88:8080 139.162.183.41:443 139.59.12.63:8080 14.160.93.230:80 14.161.30.33:443 14.201.35.38:80 142.93.114.137:8080 142.93.87.198:8080 144.139.247.220:80 144.139.56.105:80 144.139.91.187:80 144.217.117.207:8080 149.202.153.252:8080 149.62.173.247:8080 151.237.36.220:80 154.120.227.190:443 156.155.163.232:80 157.7.164.178:8081 158.69.167.246:8080 159.203.204.126:8080 159.65.25.128:8080 159.69.89.130:8080 160.119.153.20:80 160.16.215.66:8080 162.144.46.90:8080 163.172.40.218:7080 163.172.97.112:8080 165.100.148.200:8080 165.227.156.155:443 165.228.195.93:80 167.71.10.37:8080 167.99.105.223:7080 168.235.67.138:8080 168.235.82.183:8080 169.239.182.217:8080 172.104.70.207:8080 173.12.14.133:8080 173.21.26.90:80 173.247.19.238:80 173.66.96.135:80 173.91.11.142:80 174.77.190.137:8080 174.81.132.128:80 175.103.239.50:80 175.114.178.83:443 175.127.140.68:80 176.106.183.253:8080 176.31.200.130:8080 176.58.93.123:80 177.103.159.44:80 177.103.240.93:80 177.144.130.105:443 177.180.115.224:80 177.242.21.126:80 177.34.142.163:80 178.134.1.238:80 178.153.176.124:80 178.210.51.222:8080 178.237.139.83:8080 178.32.255.133:443 178.63.78.150:8080 178.79.163.131:8080 179.13.185.19:80 179.159.198.70:80 179.208.84.218:8080 179.5.118.12:8080 180.33.6.136:443 180.92.239.110:8080 181.10.204.106:80 181.126.70.117:80 181.167.35.84:80 181.196.27.123:80 181.198.203.45:443 181.231.220.232:80 181.36.42.205:443 181.53.29.136:8080 181.61.143.177:80 182.176.116.139:995 182.176.132.213:8090 182.187.137.199:8080 183.101.175.193:80 183.102.238.69:465 183.87.40.21:8080 
183.99.239.141:80 184.167.148.162:80 185.144.138.190:80 185.160.212.3:80 185.160.229.26:80 185.192.75.240:443 185.244.167.25:443 185.86.148.222:8080 186.15.83.52:8080 186.177.174.163:80 186.4.172.5:8080 186.67.208.78:8080 186.68.48.204:443 186.75.241.230:80 186.84.173.136:8080 187.188.166.192:8080 187.250.92.82:80 187.54.225.76:80 187.72.47.161:443 188.0.135.237:80 188.135.15.49:80 188.152.7.140:80 188.216.24.204:80 188.218.104.226:80 188.251.213.180:443 189.159.115.178:8080 189.19.81.181:443 189.201.197.98:8080 189.203.177.41:443 189.225.211.171:443 189.26.118.194:80 189.61.200.9:443 190.100.153.162:443 190.115.18.139:8080 190.117.226.104:80 190.12.119.180:443 190.151.5.130:443 190.161.180.184:80 190.161.67.63:80 190.162.159.212:80 190.17.44.48:80 190.17.94.108:443 190.171.135.235:80 190.171.153.139:80 190.186.164.23:80 190.189.224.117:443 190.201.144.85:7080 190.210.184.138:995 190.210.236.139:80 190.219.149.236:80 190.220.19.82:443 190.231.210.35:80 190.231.42.130:80 190.38.152.143:80 190.38.252.45:443 190.47.236.83:80 190.5.162.204:80 190.53.135.159:21 190.55.181.54:443 190.74.246.158:8080 190.93.210.113:80 191.100.24.201:50000 191.103.76.34:443 191.183.21.190:80 192.161.190.171:8080 192.163.221.191:7080 192.210.217.94:8080 192.241.146.84:8080 192.241.220.183:8080 192.241.241.221:443 192.241.255.77:8080 193.33.38.208:443 195.201.56.70:8080 195.244.215.206:80 197.94.32.129:8080 198.199.112.197:8080 198.46.150.196:7080 198.57.217.170:7080 2.235.190.23:8080 2.237.76.249:80 2.38.99.79:80 2.42.173.240:80 2.45.112.134:80 2.47.112.72:80 200.114.167.85:80 200.116.145.225:443 200.119.11.118:443 200.123.183.137:443 200.124.225.32:80 200.21.90.5:443 200.41.121.69:443 200.45.187.90:80 200.55.53.7:80 200.58.83.179:80 200.82.170.231:80 200.82.88.254:80 201.137.247.222:443 201.173.217.124:443 201.183.251.100:80 201.184.105.242:443 201.196.15.79:990 201.213.32.59:80 202.62.39.111:80 203.124.57.50:80 203.130.0.69:80 203.153.216.178:7080 203.160.173.202:80 203.25.159.3:8080 
206.189.112.148:8080 206.81.10.215:8080 207.154.204.40:8080 209.141.54.221:8080 209.146.22.34:443 209.97.168.52:8080 210.111.160.220:80 210.171.146.118:80 210.224.65.117:80 210.6.85.121:80 211.42.204.154:80 211.48.165.9:443 211.63.71.72:8080 212.112.113.235:80 212.129.14.27:8080 212.237.50.61:8080 212.253.82.142:443 212.71.237.140:8080 216.251.83.79:80 216.75.37.196:8080 217.12.70.226:80 217.160.182.191:8080 217.181.139.237:443 217.199.160.224:8080 219.75.66.103:80 219.78.255.48:80 220.255.57.31:80 220.78.29.88:80 221.154.59.110:80 223.255.148.134:80 23.253.207.142:8080 24.105.202.216:443 24.181.125.62:80 24.28.178.71:80 24.94.237.248:80 31.172.240.91:8080 31.177.54.196:443 31.31.77.83:443 37.120.185.153:443 37.157.194.134:443 37.187.6.63:8080 37.46.129.215:8080 37.59.24.177:8080 37.59.24.25:8080 37.70.131.107:80 41.111.190.94:80 41.185.29.128:8080 41.60.200.34:80 41.77.74.214:443 42.51.192.231:8080 45.33.49.124:443 45.51.40.140:80 45.79.95.107:443 45.8.136.201:80 46.101.212.195:8080 46.101.7.140:8080 46.105.131.68:8080 46.105.131.87:80 46.17.6.116:8080 46.216.60.138:80 46.28.111.142:7080 46.32.229.152:8080 47.149.28.234:80 47.153.183.211:80 47.156.70.145:80 47.6.15.79:443 47.6.15.79:80 5.154.58.24:80 5.178.245.100:80 5.189.148.98:8080 5.196.35.138:7080 5.196.74.210:8080 5.32.55.214:80 5.88.27.67:8080 50.116.78.109:8080 50.116.86.205:8080 50.28.51.143:8080 51.159.23.217:443 51.255.165.160:8080 51.38.134.203:8080 51.77.113.97:8080 58.162.218.151:80 58.171.38.26:80 58.171.42.66:8080 58.185.224.18:80 59.103.164.174:80 59.120.5.154:80 59.148.227.190:80 59.158.164.66:443 59.8.197.241:80 60.231.217.199:8080 62.138.26.28:8080 62.15.36.103:443 62.75.143.100:7080 62.75.160.178:8080 62.75.187.192:8080 63.248.198.8:80 64.147.15.138:80 64.53.242.181:8080 66.209.97.122:8080 66.229.161.86:443 66.25.34.20:80 66.34.201.20:7080 67.225.179.64:8080 67.254.196.78:443 68.118.26.116:80 68.174.15.223:80 68.183.170.114:8080 68.183.190.199:8080 68.187.160.28:443 69.14.208.221:80 
69.163.33.84:8080 69.30.205.162:7080 70.169.53.234:80 70.175.171.251:80 70.46.247.81:80 71.83.82.123:8080 72.27.212.209:8080 72.29.55.174:80 72.51.153.27:80 73.11.153.178:8080 73.214.99.25:80 73.217.39.73:80 73.60.8.210:80 74.105.102.97:8080 74.79.103.55:80 75.127.72.18:8080 75.86.6.174:80 76.164.99.46:80 77.55.211.77:8080 78.186.102.195:80 78.189.165.52:8080 78.189.60.109:443 78.210.132.35:80 78.24.219.147:8080 78.46.87.133:8080 79.159.249.152:80 79.7.114.1:80 79.7.158.208:80 80.11.158.65:8080 81.82.247.216:80 82.146.55.23:7080 82.165.15.188:8080 82.196.15.205:8080 82.27.181.93:80 82.79.244.92:80 82.8.232.51:80 83.156.88.159:80 83.165.78.227:80 83.248.141.198:80 85.100.122.211:80 85.109.190.235:443 85.152.174.56:80 85.152.208.146:80 85.235.219.74:80 85.67.10.190:80 86.42.166.147:80 86.98.156.239:443 87.106.136.232:8080 87.106.139.101:8080 87.106.46.107:8080 87.106.77.40:7080 87.230.19.21:8080 87.9.181.247:80 88.247.26.78:80 88.248.140.80:80 88.249.120.205:80 88.249.181.198:443 89.215.225.15:80 91.117.131.122:80 91.117.159.233:80 91.117.31.181:80 91.117.83.59:80 91.191.206.60:443 91.205.173.150:8080 91.205.215.57:7080 91.205.215.66:443 91.73.197.90:80 91.74.175.46:80 91.83.93.103:443 91.83.93.124:7080 92.16.222.156:80 92.222.216.44:8080 93.144.226.57:80 93.147.141.5:80 94.200.114.162:80 94.200.126.42:80 94.203.236.122:80 95.128.43.213:8080 95.130.37.244:443 95.216.207.86:7080 95.216.212.157:8080 95.9.217.200:8080 96.61.113.203:80 97.120.32.227:80 98.15.140.226:80 98.156.206.153:80 98.178.241.106:80 98.30.113.161:80 99.252.27.6:80 # Reference: https://twitter.com/luc4m/status/1217152651046948864 # Reference: https://pastebin.com/KGF4uy28 104.131.58.132:8080 109.169.86.13:8080 110.142.161.90:443 110.170.65.146:80 113.190.254.245:80 113.61.76.239:80 114.109.179.60:80 118.36.70.245:80 119.59.124.163:8080 120.150.247.164:80 125.99.61.162:7080 138.68.106.4:7080 139.162.118.88:8080 14.160.93.230:80 14.201.35.38:80 142.93.114.137:8080 144.139.56.105:80 149.62.173.247:8080 
151.237.36.220:80 151.80.142.33:80 152.231.89.226:80 159.65.241.220:8080 165.228.195.93:80 172.104.169.32:8080 175.114.178.83:443 177.103.159.44:80 177.242.21.126:80 177.34.142.163:80 177.92.14.34:80 178.79.163.131:8080 179.208.84.218:8080 181.10.204.106:80 181.129.96.162:990 181.167.96.215:80 181.231.220.232:80 181.30.61.163:443 181.30.61.163:80 181.36.42.205:443 185.160.212.3:80 185.160.229.26:80 185.86.148.222:8080 185.94.252.12:80 186.15.52.123:80 186.15.83.52:8080 186.68.48.204:443 187.188.166.192:8080 187.54.225.76:80 188.135.15.49:80 189.19.81.181:443 189.201.197.98:8080 189.26.118.194:80 190.100.153.162:443 190.151.5.130:443 190.17.44.48:80 190.186.164.23:80 190.191.82.216:80 190.195.129.227:8090 190.210.184.138:995 190.210.236.139:80 190.219.149.236:80 191.103.76.34:443 191.183.21.190:80 192.241.143.52:8080 192.241.146.84:8080 2.42.173.240:80 2.45.112.134:80 2.47.112.72:80 200.123.183.137:443 200.45.187.90:80 200.55.53.7:80 200.58.83.179:80 201.213.100.141:8080 201.213.32.59:80 202.62.39.111:80 203.130.0.69:80 203.25.159.3:8080 207.154.204.40:8080 212.71.237.140:8080 216.251.83.79:80 217.199.160.224:8080 37.120.185.153:443 37.187.6.63:8080 45.79.95.107:443 45.8.136.201:80 46.101.212.195:8080 46.28.111.142:7080 5.196.35.138:7080 5.88.27.67:8080 50.28.51.143:8080 58.162.218.151:80 58.171.38.26:80 59.120.5.154:80 62.15.36.103:443 62.75.143.100:7080 62.75.160.178:8080 63.248.198.8:80 68.174.15.223:80 68.183.170.114:8080 68.183.190.199:8080 68.187.160.28:443 69.163.33.84:8080 72.29.55.174:80 76.69.26.71:80 77.55.211.77:8080 79.7.114.1:80 79.7.158.208:80 80.11.158.65:8080 81.16.1.45:80 81.213.78.151:443 82.196.15.205:8080 82.8.232.51:80 83.165.78.227:80 85.105.241.192:80 86.123.138.76:80 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 89.211.114.203:80 91.117.159.233:80 91.205.215.57:7080 91.74.175.46:80 93.144.226.57:80 94.176.234.118:443 94.200.126.42:80 96.61.113.203:80 97.120.32.227:80 99.252.27.6:80 # Reference: 
https://twitter.com/DFNCERT/status/1218190294769971203 # Reference: https://app.any.run/tasks/59210c37-fda8-41a6-8ab1-0b2eee9d2145/ 68.172.243.146:80 # Reference: https://pastebin.com/iniJV48S 1.217.126.11:443 1.221.254.82:80 105.209.235.113:8080 106.248.79.174:80 110.142.161.90:80 110.2.118.164:80 112.186.195.176:80 114.179.127.48:80 122.116.104.238:7080 122.176.116.57:443 122.19.63.27:80 124.150.175.133:80 125.209.114.180:443 139.59.12.63:8080 14.161.30.33:443 142.93.87.198:8080 144.139.91.187:80 144.76.56.36:8080 149.202.153.251:8080 154.73.137.131:80 156.155.163.232:80 157.7.164.178:8081 158.69.167.246:8080 160.119.153.20:80 160.226.171.255:443 162.144.46.90:8080 163.172.107.70:8080 176.58.93.123:80 177.103.240.93:80 177.144.130.105:443 178.33.167.120:8080 179.5.118.12:8080 180.16.248.25:80 181.196.27.123:80 181.39.96.86:443 181.53.29.136:8080 182.176.116.139:995 183.82.123.60:443 183.87.40.21:8080 183.91.3.63:80 185.207.57.205:443 186.147.245.204:80 186.223.86.136:443 186.84.173.136:8080 187.177.155.123:990 187.72.47.161:443 188.251.213.180:443 190.17.94.108:443 190.171.153.139:80 190.201.144.85:7080 190.5.162.204:80 190.93.210.113:80 192.210.217.94:8080 192.241.220.183:8080 192.241.241.221:443 195.201.56.70:8080 196.6.119.137:80 197.94.32.129:8080 200.82.88.254:80 201.183.251.100:80 203.124.57.50:80 203.153.216.178:7080 211.20.154.102:80 211.229.116.130:80 212.112.113.235:80 212.129.14.27:8080 216.75.37.196:8080 220.247.70.174:80 23.253.207.142:8080 24.141.12.228:80 24.70.40.15:8080 37.46.129.215:8080 41.215.79.182:80 41.77.74.214:443 42.51.192.231:8080 46.17.6.116:8080 46.32.229.152:8080 5.178.245.100:80 5.196.200.208:8080 50.116.78.109:8080 51.38.134.203:8080 51.77.113.97:8080 58.185.224.18:80 58.92.179.55:443 59.135.126.129:443 60.130.173.117:80 60.152.212.149:80 61.204.119.188:443 61.221.152.140:80 67.254.196.78:443 69.14.208.221:80 70.45.30.28:80 72.27.212.209:8080 75.127.14.170:8080 75.86.6.174:80 76.11.76.47:80 76.185.136.132:80 76.87.58.38:80 
77.74.78.80:443 78.101.95.172:80 78.186.102.195:80 78.188.170.128:80 78.189.165.52:8080 78.189.60.109:443 78.210.132.35:80 78.46.87.133:8080 80.211.32.88:8080 81.82.247.216:80 82.146.55.23:7080 82.165.15.188:8080 85.100.122.211:80 85.109.190.235:443 88.225.230.33:80 88.247.53.159:443 88.248.140.80:80 88.249.181.198:443 89.215.225.15:80 91.117.131.122:80 91.117.31.181:80 91.73.169.210:80 91.83.93.103:443 95.130.37.244:443 95.216.207.86:7080 95.9.217.200:8080 98.15.140.226:80 98.178.241.106:80 98.192.74.164:80 # Reference: https://app.any.run/tasks/9056d965-915a-498a-83bc-a750fc0389f2/ # Reference: https://www.virustotal.com/gui/ip-address/98.199.196.197/relations # Reference: https://www.virustotal.com/gui/ip-address/188.85.143.170/relations # Reference: https://www.virustotal.com/gui/ip-address/195.223.215.190/relations 98.199.196.197:80 188.85.143.170:80 195.223.215.190:80 testtaglabel.com/wp-includes/LqYA88863/ xishicanting.com/wp-admin/jIx/ # Reference: https://app.any.run/tasks/881f5580-7cee-4156-bc70-d9592d526345/ # Reference: https://www.virustotal.com/gui/ip-address/113.61.76.239/relations # Reference: https://www.virustotal.com/gui/ip-address/68.62.245.148/relations # Reference: https://www.virustotal.com/gui/ip-address/91.242.136.103/relations salman.vetkare.com/dashboard/ccABOH4/ 113.61.76.239:80 68.62.245.148:80 91.242.136.103:80 # Reference: https://twitter.com/Jouliok/status/1219952503032250368 # Reference: https://app.any.run/tasks/4092920b-325b-494e-b00e-edc0b494c2d8/ # Reference: https://www.virustotal.com/gui/ip-address/68.114.229.171/relations # Reference: https://www.virustotal.com/gui/ip-address/74.101.225.121/relations 68.114.229.171:80 74.101.225.121:80 74.101.225.121:443 # Reference: https://www.virustotal.com/gui/ip-address/72.186.137.156/relations 72.186.137.156:80 # Reference: https://www.virustotal.com/gui/ip-address/66.7.242.50/relations 66.7.242.50:80 66.7.242.50:8080 # Reference: https://twitter.com/gibbersen/status/1220405804106420225 
186.177.165.196:443 # Reference: https://www.virustotal.com/gui/ip-address/177.103.157.126/relations 177.103.157.126:80 # Reference: https://app.any.run/tasks/effd2c56-edcc-4ae8-9643-7265de85ceea/ # Reference: https://app.any.run/tasks/8e35de27-f9d8-4d2f-bb83-7cad61d10e69/ 70.184.9.39:8080 108.6.140.26:80 207.180.227.229:8080 # Reference: https://pastebin.com/E2VjnVCx 167.71.10.37:8080 37.157.194.134:443 217.199.160.224:8080 192.241.255.77:8080 31.31.77.83:443 108.191.2.72:80 185.160.212.3:80 70.175.171.251:80 67.254.196.78:443 66.34.201.20:7080 37.46.129.215:8080 79.7.114.1:80 110.143.84.202:80 110.2.118.164:80 203.153.216.178:7080 45.8.136.201:80 217.12.70.226:80 190.17.94.108:443 82.165.15.188:8080 165.228.195.93:80 187.188.166.192:8080 181.231.220.232:80 98.156.206.153:80 173.21.26.90:80 200.55.53.7:80 91.117.159.233:80 110.142.161.90:443 173.66.96.135:80 47.153.183.211:80 41.60.200.34:80 98.30.113.161:80 79.159.249.152:80 189.203.177.41:443 190.117.226.104:80 70.169.53.234:80 91.73.169.210:80 200.82.88.254:80 85.105.241.192:80 27.109.153.201:8090 41.215.79.182:80 106.248.79.174:80 77.74.78.80:443 172.104.169.32:8080 91.250.96.22:8080 95.213.236.64:8080 66.7.242.50:8080 72.186.137.156:80 197.89.27.26:8080 115.95.6.218:443 61.204.119.188:443 70.123.95.180:80 201.236.135.104:443 61.37.31.243:80 189.159.112.237:8080 76.104.80.47:80 64.66.6.71:8080 115.65.111.148:443 104.131.44.150:8080 78.24.219.147:8080 92.222.216.44:8080 46.105.131.87:80 182.176.132.213:8090 211.63.71.72:8080 5.196.74.210:8080 104.236.246.93:8080 87.106.139.101:8080 87.106.136.232:8080 190.53.135.159:21 149.202.153.252:8080 62.75.187.192:8080 45.33.49.124:443 95.128.43.213:8080 159.65.25.128:8080 31.172.240.91:8080 201.184.105.242:443 59.103.164.174:80 104.131.11.150:8080 169.239.182.217:8080 217.160.182.191:8080 87.230.19.21:8080 176.58.93.123:80 192.241.220.183:8080 216.75.37.196:8080 95.216.207.86:7080 212.112.113.235:80 157.7.164.178:8081 51.38.134.203:8080 68.183.190.199:8080 
178.79.163.131:8080 87.106.77.40:7080 62.75.143.100:7080 62.75.160.178:8080 203.25.159.3:8080 138.68.106.4:7080 149.62.173.247:8080 91.83.93.124:7080 212.71.237.140:8080 181.29.101.13:8080 185.86.148.222:8080 86.42.166.147:80 181.36.42.205:443 68.183.170.114:8080 119.59.124.163:8080 50.28.51.143:8080 82.196.15.205:8080 5.196.35.138:7080 46.28.111.142:7080 125.99.61.162:7080 151.80.142.33:80 91.205.215.57:7080 77.55.211.77:8080 109.169.86.13:8080 78.186.5.109:443 190.17.44.48:80 200.58.83.179:80 159.65.241.220:8080 186.15.83.52:8080 64.53.242.181:8080 70.45.30.28:80 149.202.153.251:8080 46.105.131.69:443 46.32.229.152:8080 89.32.150.160:8080 105.247.123.133:8080 41.185.29.128:8080 69.163.33.84:8080 45.79.95.107:443 23.253.207.142:8080 172.104.70.207:8080 201.213.32.59:80 211.229.116.130:80 183.102.238.69:465 142.93.87.198:8080 142.93.114.137:8080 207.154.204.40:8080 190.210.184.138:995 217.160.19.232:8080 187.177.155.123:990 50.116.78.109:8080 78.46.87.133:8080 46.17.6.116:8080 162.144.46.90:8080 212.129.14.27:8080 190.195.129.227:8090 203.130.0.69:80 209.97.168.52:8080 50.116.86.205:8080 182.176.116.139:995 206.189.112.148:8080 206.81.10.215:8080 190.186.164.23:80 186.68.48.204:443 191.103.76.34:443 50.63.13.135:8080 144.139.56.105:80 195.244.215.206:80 120.150.246.241:80 91.73.197.90:80 72.27.212.209:8080 190.12.119.180:443 201.183.251.100:80 190.5.162.204:80 108.179.206.219:8080 69.30.205.162:7080 210.111.160.220:80 192.210.217.94:8080 81.82.247.216:80 82.79.244.92:80 89.215.225.15:80 72.29.55.174:80 188.216.24.204:80 82.8.232.51:80 5.88.27.67:8080 87.106.46.107:8080 110.142.161.90:80 78.186.102.195:80 139.130.241.252:443 58.171.42.66:8080 210.6.85.121:80 201.173.217.124:443 98.15.140.226:80 41.77.74.214:443 91.117.31.181:80 85.109.190.235:443 209.141.54.221:8080 73.11.153.178:8080 68.174.15.223:80 2.42.173.240:80 47.156.70.145:80 175.127.140.68:80 139.59.12.63:8080 185.244.167.25:443 158.69.167.246:8080 42.51.192.231:8080 91.74.175.46:80 139.162.118.88:8080 
37.120.185.153:443 192.241.146.84:8080 103.86.49.11:8080 94.200.114.162:80 47.6.15.79:80 47.6.15.79:443 91.117.131.122:80 177.103.240.93:80 179.13.185.19:80 190.220.19.82:443 88.247.26.78:80 82.146.55.23:7080 37.70.131.107:80 51.77.113.97:8080 113.61.76.239:80 80.11.158.65:8080 99.252.27.6:80 58.185.224.18:80 95.9.217.200:8080 85.152.174.56:80 2.237.76.249:80 91.205.215.66:443 69.14.208.221:80 156.155.163.232:80 185.192.75.240:443 190.100.153.162:443 188.135.15.49:80 85.67.10.190:80 177.144.130.105:443 189.19.81.181:443 2.45.112.134:80 195.223.215.190:80 151.237.36.220:80 121.88.5.176:443 160.16.215.66:8080 62.138.26.28:8080 120.151.135.224:80 178.237.139.83:8080 190.93.210.113:80 197.94.32.129:8080 112.186.195.176:80 191.183.21.190:80 175.114.178.83:443 93.144.226.57:80 58.171.38.26:80 37.187.6.63:8080 110.170.65.146:80 24.105.202.216:443 24.94.237.248:80 98.178.241.106:80 190.171.153.139:80 179.5.118.12:8080 177.242.21.126:80 190.210.236.139:80 200.123.183.137:443 202.62.39.111:80 114.109.179.60:80 113.190.254.245:80 181.10.204.106:80 85.100.122.211:80 78.189.165.52:8080 88.248.140.80:80 105.209.235.113:8080 95.130.37.244:443 45.73.157.243:8080 216.251.83.79:80 62.15.36.103:443 58.162.218.151:80 201.213.100.141:8080 14.201.35.38:80 94.200.126.42:80 59.120.5.154:80 79.7.158.208:80 120.150.247.164:80 188.218.104.226:80 200.82.170.231:80 177.103.159.44:80 189.201.197.98:8080 2.47.112.72:80 190.191.82.216:80 190.219.149.236:80 47.180.91.213:80 181.143.126.170:80 186.86.247.171:443 5.32.55.214:80 200.21.90.5:443 181.126.70.117:80 139.130.242.43:80 223.197.185.60:80 88.249.120.205:80 188.0.135.237:80 180.92.239.110:8080 178.153.176.124:80 190.55.181.54:443 200.116.145.225:443 60.231.217.199:8080 209.146.22.34:443 196.6.119.137:80 1.217.126.11:443 1.221.254.82:80 78.210.132.35:80 203.124.57.50:80 75.86.6.174:80 91.83.93.103:443 78.189.60.109:443 122.116.104.238:7080 144.139.91.187:80 181.196.27.123:80 183.87.40.21:8080 195.201.56.70:8080 188.251.213.180:443 
192.241.241.221:443 160.119.153.20:80 14.161.30.33:443 187.72.47.161:443 181.30.61.163:80 186.15.52.123:80 81.213.78.151:443 204.225.249.100:7080 185.94.252.12:80 24.164.79.147:8080 190.117.126.169:80 221.165.123.72:80 37.187.72.193:8080 110.36.217.66:8080 190.146.205.227:8080 183.91.3.63:80 183.82.123.60:443 185.207.57.205:443 125.209.114.180:443 154.73.137.131:80 181.39.96.86:443 60.130.173.117:80 163.172.107.70:8080 5.196.200.208:8080 160.226.171.255:443 82.145.43.153:8080 61.221.152.140:80 122.176.116.57:443 75.127.14.170:8080 78.188.170.128:80 152.231.89.226:80 86.123.138.76:80 192.241.143.52:8080 76.69.26.71:80 200.45.187.90:80 181.167.96.215:80 181.129.96.162:990 81.16.1.45:80 94.176.234.118:443 177.239.160.121:80 78.189.180.107:80 201.229.45.222:8080 105.27.155.182:80 205.185.117.108:8080 62.75.141.82:80 186.147.245.204:80 60.152.212.149:80 88.247.53.159:443 70.184.69.146:80 186.177.165.196:443 139.47.135.215:80 129.205.201.163:80 151.231.7.154:80 78.142.114.69:80 24.141.12.228:80 76.11.76.47:80 220.247.70.174:80 24.196.49.98:80 93.147.141.5:443 72.189.57.105:80 73.239.11.159:80 82.152.149.79:80 186.200.205.170:80 68.172.243.146:80 64.40.250.5:80 101.187.134.207:8080 181.13.24.82:80 101.187.197.33:443 178.20.74.212:80 103.97.95.218:80 60.250.78.22:443 118.185.7.132:80 58.92.179.55:443 180.16.248.25:80 186.223.86.136:443 98.199.196.197:80 100.6.23.40:80 200.71.200.4:443 190.114.244.182:443 190.143.39.231:80 90.69.145.210:8080 101.187.237.217:80 98.192.74.164:80 59.135.126.129:443 24.70.40.15:8080 178.33.167.120:8080 144.76.56.36:8080 88.225.230.33:80 153.183.25.24:80 153.137.36.142:80 182.74.249.74:80 68.62.245.148:80 91.242.136.103:80 76.104.80.47:443 74.130.83.133:80 85.105.205.77:8080 87.81.51.125:80 202.175.121.202:8090 176.9.43.37:8080 5.199.130.105:7080 190.131.167.50:80 124.99.167.65:443 68.114.229.171:80 74.101.225.121:443 152.168.248.128:443 211.192.153.224:80 81.214.253.80:443 180.33.71.88:80 175.181.7.188:80 37.211.67.229:80 177.103.157.126:80 
203.45.161.179:443 73.125.15.41:80 185.243.92.42:8080 75.114.235.105:80 78.101.70.199:443 42.200.226.58:80 45.55.65.123:8080 99.229.254.209:80 190.63.7.166:8080 81.214.142.115:80 186.138.186.74:443 190.24.243.186:80 175.139.209.3:8080 108.6.140.26:80 70.184.9.39:8080 222.144.13.169:80 189.212.199.126:443 72.176.87.136:80 150.246.246.238:80 202.229.211.95:80 # Reference: https://app.any.run/tasks/d5d42b37-39d3-4c1d-81f0-f6df25ae4bf9/ 195.250.143.182:80 rahatsozluk.com # Reference: https://app.any.run/tasks/78465443-f40b-48eb-a4ba-9189953a96a2/ 190.6.193.152:8080 200.69.224.73:80 # Reference: https://app.any.run/tasks/4d39b07f-4ea9-40ed-a379-e29bc6b924c0/ 71.197.197.100:80 24.167.122.146:8080 # Reference: https://app.any.run/tasks/fcc29969-14fe-40d0-b556-167453c0d7b1/ # Reference: https://www.virustotal.com/gui/ip-address/71.126.247.90/relations # Reference: https://www.virustotal.com/gui/ip-address/98.239.119.52/relations 104.236.28.47:8080 71.126.247.90:80 80.86.91.91:8080 98.239.119.52:80 # Reference: https://twitter.com/malwrhunterteam/status/1226219678579777536 193.26.217.243:443 45.79.223.161:443 # Reference: https://www.virustotal.com/gui/domain/movin.cloud/relations movin.cloud # Reference: https://twitter.com/VK_Intel/status/1229512005591207936 # Reference: https://www.virustotal.com/gui/file/2dfc4c92635a2a86c8d70dc0931547f183467038dd95c857d374bdcb107a7d6b/detection machunion.com/kajsdfogijoig # Reference: https://twitter.com/James_inthe_box/status/1229520603020873728 # Reference: https://app.any.run/tasks/19018714-6f35-4a7b-9aa7-5783f8bc208b/ mappingskills.com/msdlfkbdkfjb # Reference: https://app.any.run/tasks/e2544e05-649d-4ef4-8490-26d503c0cf69/ 72.44.93.233:8080 # Reference: https://otx.alienvault.com/pulse/5e4e6a0d94a95ceef6df9cec # Reference: https://www.virustotal.com/gui/ip-address/70.187.114.147/relations 70.187.114.147:80 91.205.215.10:7080 91.205.215.10:80 houloul.org usaa-unlock.net shabon.co usaa-unlock.com # Reference: 
https://app.any.run/tasks/edb01a6a-5e48-43f3-833a-e2fb000fbc31/ 66.209.97.122:8080 174.77.190.137:8080 # Reference: https://twitter.com/seguridadyredes/status/1234215349454876672/photo/1 # Reference: https://www.virustotal.com/gui/ip-address/51.77.113.102/relations http://51.77.113.102 # Reference: https://twitter.com/Bitterman59/status/1233487861082677249 arcelik.servisimerkezim.com # Reference: https://www.virustotal.com/gui/file/fa99feb493d26c540fa722f044930534417a92ddb9b3e3b994702416bce27f38/behavior/Dr.Web%20vxCube monodoze.com/wp-content/SSlWN/ smartelecttronix.com/wp-includes/pHtVW/ puntoprecisoapp.com/ypb/C3p/ puntoprecisoapp.com/fORZa/ypb/C3p/ tomsnyder.net/Factures/ed/ puntoprecisoapp.com/pSgNQ/ypb/C3p/ themauritiustour.com/9fuc5ls/oPkA/ puntoprecisoapp.com/NRXVg/ypb/C3p/ puntoprecisoapp.com/OQWRh/ypb/C3p/ # Reference: https://www.virustotal.com/gui/domain/blueombrehairstyle.site/relations blueombrehairstyle.site/wp-admin/WTwFtrmTPyVSnESPjOoYOLtaIc # Reference: https://www.virustotal.com/gui/file/8ef3a86989c9654cd7b0914ab743459ad98702ea960612c66e331f858a791eb0/behavior/Lastline uccn.bru.ac.th/wp-content/rfaa0u4/ # Reference: https://app.any.run/tasks/db8063d7-b17b-4d40-88f1-9b4212a48a97/ # Reference: https://www.virustotal.com/gui/ip-address/68.202.51.4/relations http://68.202.51.4 # Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (# Win.Dropper.Emotet-7600941-0) # Reference: https://www.virustotal.com/gui/ip-address/104.32.141.43/relations # Reference: https://www.virustotal.com/gui/ip-address/181.61.224.26/relations # Reference: https://www.virustotal.com/gui/ip-address/189.201.197.106/relations # Reference: https://www.virustotal.com/gui/ip-address/212.174.57.124/relations # Reference: https://www.virustotal.com/gui/ip-address/216.75.37.196/relations # Reference: https://www.virustotal.com/gui/ip-address/74.105.51.75/relations # Reference: https://www.virustotal.com/gui/ip-address/89.108.158.234/relations 
http://104.32.141.43 http://181.61.224.26 http://189.201.197.106 http://216.75.37.196 http://212.174.57.124 http://74.105.51.75 http://89.108.158.234 189.201.197.106:8080 212.174.57.124:8080 74.105.51.75:8080 89.108.158.234:8080 # Reference: https://twitter.com/tosscoinwitcher/status/1237223974750191616 42.115.22.145:80 95.85.22.63:443 # Reference: https://twitter.com/tosscoinwitcher/status/1237067625106030594 # Reference: https://www.virustotal.com/gui/ip-address/104.236.52.89/relations http://104.236.52.89 104.236.52.89:8080 # Reference: https://twitter.com/tosscoinwitcher/status/1237469398740303873 # Reference: https://twitter.com/tosscoinwitcher/status/1237499336021299202 # Reference: https://www.virustotal.com/gui/ip-address/1.163.163.199/relations # Reference: https://www.virustotal.com/gui/file/ed58cad9049c6c4af8029a5f4d087857be4306bcc0b4b3739c74f6caf0a458c8/detection http://1.163.163.199 http://165.255.105.53 # Reference: https://paste.cryptolaemus.com/emotet/2020/03/12/emotet-c2-rsa-update-03-12-20-1.html 1.163.163.199:80 101.187.97.173:80 102.182.145.130:80 102.22.62.71:80 103.205.177.228:443 103.31.232.93:443 103.61.109.13:80 103.97.95.221:80 104.131.103.37:8080 104.131.11.150:443 104.131.41.185:8080 104.236.161.64:8080 104.238.80.237:8080 104.32.141.43:80 105.224.209.135:443 107.184.91.187:80 109.236.109.159:8080 110.145.124.178:443 110.145.77.103:80 110.37.226.196:80 110.44.113.2:8080 111.67.12.221:8080 112.68.240.21:80 113.160.180.109:80 113.160.235.179:8080 113.160.88.86:443 113.161.148.81:80 113.61.66.94:80 115.65.111.148:80 115.75.6.2:443 115.79.195.246:80 116.73.14.186:80 116.90.228.177:80 116.90.229.22:80 117.2.133.44:443 117.7.236.115:80 118.200.116.83:80 118.69.70.109:80 118.69.71.14:80 12.162.84.2:8080 120.150.142.241:80 120.150.76.215:80 120.151.194.117:80 122.116.104.238:8080 124.150.175.133:443 125.63.106.22:80 130.204.245.137:80 132.248.38.158:80 133.208.252.149:80 136.243.205.112:7080 14.141.203.150:80 14.161.6.60:80 143.0.87.101:80 
148.102.77.148:80 152.169.32.195:80 152.170.108.99:443 152.170.196.157:443 152.32.78.6:80 153.160.71.129:53 153.174.73.130:80 154.120.227.190:20 154.120.227.190:80 156.67.114.199:80 161.18.233.114:80 162.255.112.157:443 163.53.180.227:80 164.77.130.222:80 164.77.131.165:80 165.255.105.53:80 168.235.67.138:7080 173.66.242.48:80 173.79.107.84:80 177.139.131.143:443 177.144.135.2:80 177.188.121.26:443 177.6.166.4:80 177.66.190.130:80 177.72.13.80:80 178.62.75.204:8080 179.184.65.222:80 179.232.65.117:80 179.5.118.12:80 181.122.172.67:8080 181.13.24.83:443 181.16.18.72:8080 181.164.25.59:80 181.167.53.79:443 181.225.24.251:80 181.230.116.163:80 181.31.211.181:80 181.54.182.135:80 181.56.163.152:80 181.60.247.8:443 181.61.224.26:80 182.71.222.187:80 182.73.199.226:8080 183.131.156.10:7080 183.91.15.80:8080 185.135.109.128:80 185.155.20.82:80 185.160.212.5:80 185.94.252.104:443 185.94.252.27:443 186.10.92.114:80 186.138.210.130:80 186.167.16.242:80 186.189.228.84:80 186.3.185.206:80 186.3.232.68:80 186.33.141.88:80 187.162.250.23:80 187.188.163.98:80 187.212.208.8:8080 187.241.28.114:80 187.51.47.26:80 189.1.185.248:80 189.14.80.194:443 189.220.246.167:80 189.42.145.34:80 190.111.215.3:8080 190.117.226.104:443 190.128.90.22:80 190.13.215.114:80 190.147.137.153:443 190.17.195.202:80 190.190.134.145:80 190.190.26.188:80 190.194.151.145:80 190.2.31.172:80 190.247.9.40:443 190.57.130.142:443 190.79.103.57:80 195.82.165.181:20 197.94.32.129:20 198.211.121.27:8080 198.58.119.85:8080 199.83.161.218:80 200.108.250.176:80 200.116.191.114:80 200.123.150.89:443 200.123.183.137:80 200.41.121.90:80 200.58.180.130:80 200.7.243.109:443 200.85.110.240:8080 201.155.204.151:80 201.17.193.151:443 202.175.121.202:8443 202.52.247.178:80 203.122.18.234:8080 203.153.216.182:7080 210.56.10.58:80 211.184.5.163:443 211.20.154.102:443 212.174.19.87:80 216.132.25.162:80 220.128.125.18:80 220.132.16.114:80 220.210.163.76:80 23.92.16.164:8080 24.196.13.216:80 24.249.73.48:80 31.146.61.34:80 
37.139.21.175:8080 37.208.106.146:8080 37.222.74.104:8080 42.200.178.117:80 42.200.191.247:80 45.55.179.121:8080 47.146.123.171:80 47.156.64.4:80 49.204.68.26:20 5.32.84.54:80 5.39.91.110:7080 5.45.108.146:8080 50.35.17.13:80 54.39.177.43:80 54.39.187.202:443 58.177.172.160:80 59.120.74.106:80 59.20.65.102:80 60.142.249.243:80 61.92.159.208:8080 62.84.75.50:80 64.66.6.71:20 68.183.18.169:8080 70.32.115.157:8080 71.10.114.255:80 71.222.157.155:80 72.10.33.195:8080 72.202.237.228:80 72.231.228.196:80 72.47.248.48:7080 74.130.137.231:80 74.208.45.104:8080 75.133.26.185:80 77.69.8.132:7080 77.90.136.129:8080 79.99.107.130:443 81.215.14.128:80 83.169.21.32:7080 87.252.100.28:80 89.19.20.202:443 90.79.26.91:8080 91.219.169.180:80 91.231.166.124:8080 91.236.4.234:443 91.242.138.11:80 93.114.205.169:80 93.123.22.241:80 93.147.157.195:80 93.51.50.171:8080 94.206.82.254:443 94.76.247.61:8080 95.9.95.101:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/03/30/emotet-c2-rsa-update-03-30-20-1.html 104.182.56.131:443 109.73.110.33:80 110.143.8.89:80 110.37.226.196:443 113.160.130.116:8443 113.161.147.51:80 117.4.120.226:8080 118.70.126.251:443 134.19.217.180:80 149.135.10.19:80 168.197.252.178:80 177.0.241.28:80 177.139.128.221:80 177.230.81.0:22 177.73.3.204:80 179.62.26.236:80 180.222.165.169:80 181.164.215.193:80 181.176.191.27:443 181.228.91.247:443 184.57.130.8:80 186.176.228.2:80 186.208.123.210:443 186.80.169.128:80 187.162.248.237:80 188.129.197.149:80 188.251.213.180:8080 189.154.68.123:143 189.160.15.202:465 189.168.169.129:80 189.253.255.142:80 190.147.165.160:465 190.16.142.187:80 190.160.53.126:80 190.181.235.46:80 190.244.125.144:80 190.251.235.239:80 190.47.227.130:443 2.28.113.59:80 2.47.112.152:80 200.126.237.113:80 200.73.228.225:80 201.214.229.79:80 212.156.219.6:8080 213.243.211.114:80 24.179.13.119:80 24.194.252.25:80 37.210.228.23:80 41.169.20.147:80 41.203.62.170:80 45.118.136.92:8080 45.161.242.102:80 46.35.75.225:8080 47.150.248.161:80 
49.176.162.90:80 60.117.26.28:80 61.197.37.169:80 67.20.141.76:80 68.115.64.219:80 68.203.213.226:80 73.155.126.84:80 73.176.10.71:80 80.102.134.174:8080 81.169.202.3:443 82.240.207.95:443 84.9.167.76:80 88.247.144.128:80 91.73.223.130:80 95.7.221.205:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/01/emotet-c2-rsa-update-04-01-20-1.html 189.134.47.51:443 101.187.104.105:80 60.53.206.244:80 70.180.44.93:80 221.133.46.86:443 88.244.56.219:80 201.91.28.210:80 46.214.11.172:80 65.24.85.214:80 190.108.228.62:8080 124.150.175.133:8080 170.82.195.50:80 # Reference: https://twitter.com/ScumBots/status/1238427161482211328 # Reference: https://www.virustotal.com/gui/ip-address/77.72.131.69/relations 77.72.131.69:442 77.72.131.69:8080 # Reference: https://twitter.com/sysopfb/status/1245787828300234752 # Reference: https://www.virustotal.com/gui/ip-address/23.95.238.106/relations http://23.95.238.106 # Reference: https://www.virustotal.com/gui/file/761287c60d47505b6d4bd079b49dd1ce3376217737c3aff8fd3daecdcc618e3f/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/e3b41c0d0834c0d5b121012fe9219529afaed899420d99bd3dba11f2c0a8810b/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/694bd6a04735b30d42ed40af026496ee1b77ce332c6570985a88358c82630d01/behavior/Dr.Web%20vxCube 197.87.130.229:8080 216.137.249.154:80 106.243.65.250:443 98.191.228.168:990 # Reference: https://www.virustotal.com/gui/ip-address/118.167.155.233/relations http://118.167.155.233 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/06/emotet-c2-rsa-update-04-06-20-1.html 152.170.222.65:80 84.79.142.51:8080 94.130.171.231:8080 113.52.123.226:7080 95.180.25.146:80 82.223.70.24:8080 186.188.152.177:80 179.127.59.210:443 91.73.197.186:80 137.25.7.112:8080 181.30.69.50:80 190.229.148.144:80 176.111.60.55:8080 209.151.248.242:8080 142.105.151.124:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/07/emotet-c2-rsa-update-04-07-20-1.html 
201.213.100.141:443 87.127.197.7:8080 189.160.234.67:80 201.231.87.82:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/13/emotet-c2-rsa-update-04-13-20-1.html 67.235.68.222:80 110.145.101.66:443 93.147.137.162:80 137.59.187.107:8080 190.161.45.112:80 46.30.175.11:80 152.231.123.2:80 70.48.238.90:80 189.154.128.205:80 170.81.48.2:80 220.213.79.166:443 190.196.143.58:80 60.53.197.6:80 177.38.15.151:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/20/emotet-c2-rsa-update-04-20-20-1.html 68.44.137.144:443 114.145.241.208:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/30/emotet-c2-rsa-update-04-30-20-1.html 196.179.249.218:8080 85.94.81.18:80 193.80.169.64:80 78.12.27.172:80 132.255.227.134:80 # Reference: https://www.virustotal.com/gui/ip-address/103.38.12.139/relations 103.38.12.139:443 103.38.12.139:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/04/emotet-c2-rsa-update-05-04-20-1.html 195.76.232.114:80 85.94.170.73:80 186.188.222.3:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/11/emotet-c2-rsa-update-05-11-20-1.html 103.83.81.141:8080 95.216.118.202:8080 84.21.179.51:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/25/emotet-c2-rsa-update-05-25-20-1.html 162.154.38.103:80 186.226.226.116:80 181.92.244.156:80 41.215.92.157:80 190.47.227.130:80 213.60.96.117:80 79.45.112.220:80 153.133.224.78:80 140.207.113.106:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/01/emotet-c2-rsa-update-06-01-20-1.html 190.163.1.31:8080 190.19.169.69:443 190.144.18.198:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/15/emotet-c2-rsa-update-06-15-20-1.html 121.124.124.40:7080 24.1.189.87:8080 46.105.131.79:8080 186.223.86.132:443 207.255.37.143:80 37.210.166.214:80 75.139.38.211:80 153.126.210.205:7080 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/22/emotet-c2-rsa-update-06-22-20-1.html 190.111.215.4:8080 200.83.209.144:80 80.249.176.206:80 173.91.22.41:80 # 
Reference: https://paste.cryptolaemus.com/emotet/2020/06/26/emotet-c2-rsa-update-06-26-20-1.html 46.49.124.53:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/06/emotet-c2-rsa-update-07-06-20-1.html 190.108.228.62:443 190.55.233.156:80 178.153.214.228:80 14.99.112.138:80 203.153.216.189:7080 61.19.246.238:443 41.169.20.147:8090 181.164.110.7:80 88.235.222.255:80 212.51.142.238:8080 91.211.88.52:7080 181.120.79.227:80 93.156.165.186:80 108.48.41.69:80 64.88.202.250:80 190.194.242.254:443 200.55.243.138:8080 217.13.106.14:8080 51.38.201.19:7080 81.2.235.111:8080 110.143.151.194:80 222.214.218.37:4143 139.59.60.244:8080 116.203.32.252:8080 186.250.52.226:8080 219.92.13.25:80 181.230.65.232:80 189.218.165.63:80 79.98.24.39:8080 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/14/emotet-c2-rsa-update-07-14-20-1.html 217.199.160.224:7080 186.70.127.199:8090 137.74.106.111:7080 109.117.53.230:443 109.74.5.95:8080 198.27.69.201:8080 58.153.68.176:80 181.129.96.162:8080 210.165.156.91:80 87.106.231.60:8080 181.134.9.162:80 104.247.221.104:443 95.179.229.244:8080 157.245.99.39:8080 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/20/emotet-c2-rsa-update-07-20-20-1.html 157.7.199.53:8080 124.45.106.173:443 74.207.230.187:8080 201.212.78.182:80 # Reference: https://www.virustotal.com/gui/file/a157a594207a18ada06373850abfce851648ff92ecf590b4539504ccd53c1354/detection 51.68.220.244:8080 # Reference: https://www.virustotal.com/gui/file/7aa1e0b8e78c3e0fd34f19b7398342d98216979a5a1ee19a5b89f83e4ce0fbbf/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/1514389b50f6fb2be1712fa470e2b5c9a7455697bc029ca211f944d8d3907228/detection # Reference: https://www.virustotal.com/gui/file/dc4fa229a83ac9689fbbe7494d408c0806a769af5008df4ae6975b9e89a0c35f/behavior/Dr.Web%20vxCube tan-shuai.com/wp-content/9j34284/ raioz.com/img/qngig44/ raybo.net/bemcadd/7307/ avendtla.com/tcuv/pd27/ # Reference: 
https://twitter.com/58_158_177_102/status/1284138503127699458 109.117.53.230:443 tri-comma.com/wp-admin/MmD/ # Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ 178.210.171.15:443 190.160.53.126:443 212.51.142.238:443 # Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ # Reference: https://app.any.run/tasks/765ea589-8b55-4031-818e-521840513ed2/ http://201.212.78.182 74.207.230.187:8080 # Reference: https://twitter.com/malware_traffic/status/1285664072814538753 124.45.106.173:443 198.144.158.120:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/28/emotet-malware-IoCs_07-28-20.html 190.164.75.175:80 212.231.60.98:80 76.27.179.47:80 70.167.215.250:8080 47.153.182.47:80 187.106.41.99:80 88.217.172.65:443 177.37.81.212:443 24.234.133.205:80 181.143.101.19:8080 177.75.143.112:443 78.189.111.208:443 67.225.201.19:8080 23.111.136.190:8080 181.113.229.139:443 195.14.0.12:8080 71.208.216.10:80 192.95.4.184:8080 201.214.108.231:80 209.182.216.177:443 179.60.229.168:443 95.9.185.228:443 212.156.133.218:80 177.73.0.98:443 83.110.223.58:443 24.43.99.75:80 71.50.31.38:80 191.182.6.118:80 144.139.91.187:443 190.163.31.26:80 189.1.185.98:8080 189.146.1.78:443 191.99.160.58:80 105.209.239.55:80 177.74.228.34:80 190.96.118.251:443 24.157.25.203:80 195.159.28.229:7080 # Reference: https://paste.cryptolaemus.com/emotet/2020/08/31/emotet-malware-IoCs_08-31-20.html 58.171.153.81:80 72.135.200.124:80 190.128.173.10:80 157.245.138.101:7080 194.187.133.160:443 188.2.217.94:80 190.136.179.102:80 95.9.180.128:80 137.119.36.33:80 190.225.150.234:80 178.148.55.236:8080 70.121.172.89:80 94.200.114.161:80 24.148.98.177:80 50.81.3.113:80 67.68.210.95:80 85.109.159.61:443 107.161.30.122:8080 206.15.68.237:443 24.135.1.177:80 2.144.244.204:443 200.114.213.233:8080 186.103.141.250:443 45.182.161.17:80 139.162.108.71:8080 86.98.143.163:80 93.147.212.206:80 174.100.27.229:80 210.1.219.238:80 
172.105.78.244:8080 115.78.11.155:80 179.62.238.49:80 118.101.24.148:80 73.213.208.163:80 153.232.188.106:80 173.94.215.84:80 45.173.88.33:80 37.187.100.220:7080 98.109.204.230:80 162.249.220.190:80 219.92.8.17:8080 77.238.212.227:80 190.190.15.20:80 174.45.13.118:80 162.241.242.173:8080 5.79.70.250:8080 209.236.123.42:8080 82.76.111.249:443 87.106.225.180:8080 62.30.7.67:443 222.159.240.58:80 138.97.60.141:7080 190.53.144.120:80 199.203.62.165:80 24.137.76.62:80 216.208.76.186:80 74.109.108.202:80 189.39.32.161:80 220.254.198.228:443 152.169.22.67:80 112.185.64.233:80 197.232.36.108:80 95.216.205.155:8080 185.86.148.68:443 190.190.148.27:8080 174.102.48.180:443 88.217.172.165:8080 89.205.113.80:80 65.36.62.20:80 175.29.183.2:80 81.4.105.175:8080 45.55.82.2:8080 85.66.181.138:80 68.183.233.80:8080 201.235.10.215:80 197.221.158.162:80 190.55.186.229:80 113.203.250.121:443 216.10.40.16:80 181.122.154.240:80 37.70.8.161:80 51.255.40.241:443 198.57.203.63:8080 45.33.77.42:8080 189.2.177.210:443 82.239.200.118:80 181.137.229.1:80 91.121.54.71:8080 60.125.114.64:443 173.81.218.65:80 45.55.36.51:443 67.247.242.247:80 37.52.87.0:80 81.17.93.134:80 68.171.118.7:80 178.250.54.208:8080 103.106.236.83:8080 71.57.180.213:80 120.150.60.189:80 212.174.55.22:443 64.201.88.132:80 213.197.182.158:8080 168.0.97.6:80 174.137.65.18:80 103.80.51.61:8080 187.161.206.24:80 45.16.226.117:443 186.227.146.102:80 189.131.57.131:80 94.23.237.171:443 185.208.226.142:8080 107.5.122.110:80 68.188.112.97:80 159.65.222.75:8080 84.39.182.7:80 177.94.227.143:80 175.139.144.229:8080 110.142.219.51:80 151.236.60.57:8080 139.99.158.11:443 # Reference: https://www.virustotal.com/gui/file/9b5ffb189c00d8a536848736e9cba2d4a71f8fba6f97d11867d677886b4a23e4/detection http://47.146.117.214 # Reference: https://www.virustotal.com/gui/domain/foroanticorrupcion.sytes.net/relations foroanticorrupcion.sytes.net # Reference: 
https://www.virustotal.com/gui/file/6bdcbed80061d3b58f17759a2b932809c060a9a8b399dc92ee658ec5efd2d000/detection # Reference: https://www.virustotal.com/gui/domain/deactivate.pw/relations deactivate.best deactivate.pw # Reference: https://twitter.com/malware_traffic/status/1291168989108998146 204.197.146.48:80 # Reference: https://twitter.com/satontonton/status/1291723797528076290 # Reference: https://app.any.run/tasks/eb656a74-c0ba-4811-98e1-38a8cefaa70f/ http://47.146.32.175 # Reference: https://www.virustotal.com/gui/file/50d58ca2623e7fbbe3265bd78640c81fc3cb01a146c5630f656a18fc27e93c5e/detection 185.45.193.62:8080 216.239.32.21:443 # Reference: https://www.virustotal.com/gui/file/62fe71ddde725e4599889009d466a79b0de683d98a8490979b357732c18b79c6/detection 216.239.34.21:443 # NOTE(review): 216.239.32.21 and 216.239.34.21 appear to sit in Google-operated address space (shared hosting front ends), so these two trails are likely to match benign traffic as well; confirm against the referenced samples before alerting or blocking on them. # Reference: https://www.virustotal.com/gui/file/7ece6173931237b004f4d24c8bd5ff5808a310f35fd6e630d04272f1e1f4c30e/detection http://24.249.135.121 # Reference: https://www.virustotal.com/gui/file/7c430fa3421e2ea8b9013a4b2d488c721f01245a353a6e93c9f57a99b99a1324/detection http://198.57.203.63 http://78.189.60.109 # Reference: https://app.any.run/tasks/7e3113be-372a-40f7-9cde-6f32fa94d03a/ http://74.120.55.163 # Reference: https://twitter.com/papa_anniekey/status/1293103714136281095 focus123.mycpanel.rs # Reference: https://app.any.run/tasks/412a6dce-5520-4e9e-8254-d42c0fff1bd2/ http://95.9.180.128 # Reference: https://app.any.run/tasks/13508623-0e52-4928-b905-46dc7a7ae037/ http://92.24.51.238 139.99.157.213:8080 # Reference: https://pastebin.com/raw/BPTTq6GH 107.185.211.16:80 96.8.113.4:8080 153.126.210.205:7080 47.146.117.214:80 104.131.44.150:8080 169.239.182.217:8080 95.179.229.244:8080 209.182.216.177:443 209.141.54.221:8080 5.196.74.210:8080 72.12.127.184:443 104.131.11.150:443 200.55.243.138:8080 116.203.32.252:8080 142.105.151.124:443 81.2.235.111:8080 74.120.55.163:80 167.86.90.214:8080 87.106.139.101:8080 37.139.21.175:8080 189.212.199.126:443 103.86.49.11:8080 203.153.216.189:7080
181.211.11.242:80 37.187.72.193:8080 41.60.200.34:80 139.130.242.43:80 181.230.116.163:80 109.74.5.95:8080 121.124.124.40:7080 114.146.222.200:80 157.245.99.39:8080 76.27.179.47:80 62.138.26.28:8080 24.43.99.75:80 93.51.50.171:8080 157.147.76.151:80 83.110.223.58:443 46.105.131.79:8080 119.198.40.179:80 79.98.24.39:8080 176.111.60.55:8080 190.160.53.126:80 183.101.175.193:80 104.236.246.93:8080 5.39.91.110:7080 74.208.45.104:8080 24.179.13.119:80 78.24.219.147:8080 50.116.86.205:8080 200.41.121.90:80 190.55.181.54:443 201.173.217.124:443 85.152.162.105:80 137.59.187.107:8080 152.168.248.128:443 95.213.236.64:8080 222.214.218.37:4143 47.146.32.175:80 110.145.77.103:80 70.167.215.250:8080 173.62.217.22:443 47.144.21.12:443 165.165.171.160:8080 62.75.141.82:80 47.153.182.47:80 87.106.136.232:8080 113.160.130.116:8443 185.94.252.104:443 168.235.67.138:7080 91.211.88.52:7080 204.197.146.48:80 180.92.239.110:8080 61.19.246.238:443 139.59.60.244:8080 # Reference: https://app.any.run/tasks/0a4c6780-43d1-4f2d-bc61-e2c74d604fc7/ http://174.102.48.180 # Reference: https://app.any.run/tasks/f8998e16-9781-4289-bd0f-fc346107935c/ http://176.216.226.44 # Reference: https://www.virustotal.com/gui/file/2cc2799a0f649e3f0d8bbfccd7f693a37a5a8def9094ae3f686169513d1d9ea7/detection 159.203.232.29:8080 # Reference: https://pastebin.com/raw/FUr39rYd 109.116.214.124:443 114.173.201.110:80 176.216.226.44:80 177.32.8.85:80 188.83.220.2:443 190.212.140.6:80 192.210.135.126:8080 197.83.232.19:80 201.213.177.139:80 203.117.253.142:80 207.144.103.227:80 212.93.117.170:80 24.233.112.152:80 51.75.33.120:8080 66.61.94.36:80 67.205.85.243:8080 69.30.203.214:8080 83.169.36.251:8080 85.105.140.135:443 88.217.172.164:443 91.222.77.105:80 97.82.79.83:80 # Reference: https://www.virustotal.com/gui/file/97095bd460f1f5204b572cd269f8c3a3e7e73302bcbaac05b3c0b106e2342f47/detection 201.171.150.41:443 219.240.39.215:443 81.198.69.61:80 94.76.247.61:8080 # Reference: 
https://www.virustotal.com/gui/file/e221dda5e172df72a7b9b605d2ffff5043219a3980adb5102825ee97e75ff423/detection 213.176.36.147:8080 # Reference: https://www.virustotal.com/gui/file/79fe6e1db7b6d43c9d290ccbfcc0d81127d7d366451e5c04c09980ffd352e388/detection http://47.146.32.175 # Reference: https://www.virustotal.com/gui/file/3813928dd0bac12320f38a077ff89695a08c2b334b3d57fd37130ae2040b3842/detection http://24.233.112.152 # Reference: https://app.any.run/tasks/ca298aef-0237-4f4c-9d4c-16e9ffa8d995/ http://186.109.104.67 # Reference: https://app.any.run/tasks/33208f2a-b475-4c87-a901-2c5ffc9931a1/ http://45.173.88.33 # Reference: https://app.any.run/tasks/dc65776b-ff73-45ee-89c4-34189aaafe80/ http://182.176.95.147 172.96.190.154:8080 # Reference: https://app.any.run/tasks/4ba4ab9b-664c-4817-b84b-a51f891637af/ http://82.163.245.38 # Reference: https://app.any.run/tasks/91f5641c-18d1-42b1-ba94-57a3aab3241b/ 116.202.234.183:8080 # Reference: https://app.any.run/tasks/0b1c53d6-f7a2-4d10-964d-2d416abf2537/ http://162.249.220.190 # Reference: https://www.virustotal.com/gui/file/3eea9f7afe639ed32775963d6fae0261bd31b0927a8d21eb9cbcaadfe7633ae4/detection poonamjoshi.com # Reference: https://twitter.com/papa_anniekey/status/1289005683581435904 microclan.com # Reference: https://app.any.run/tasks/9bc263f3-d30b-466c-9a9f-95121bd5606d/ http://94.49.254.194 # Reference: https://twitter.com/Jan0fficial/status/1297864705504092161 mj-web.dk # Reference: https://twitter.com/Circuitous__/status/1298324692214919170 smileplz.com # Reference: https://twitter.com/yungmay0/status/1298374886499508225 # Reference: https://app.any.run/tasks/6f234b9c-35dd-4659-be3c-f6ee6a6b1567/ pelayoacctg.org.ph quanticaelectronics.com # Reference: https://app.any.run/tasks/3f4cb411-b57f-4535-bf97-0123144a4081/ http://107.5.122.110 45.55.219.163:443 # Reference: https://app.any.run/tasks/7111f9b9-5357-4a91-850c-3471d257a016/ 65.156.53.186:8080 # Reference: 
https://app.any.run/tasks/191b2189-4ab8-4085-a457-2b1e2aaf3dbc/ 71.197.211.156:80 # Reference: https://github.com/pan-unit42/tweets/blob/master/2020-08-25-IOCs-for-Emotet-with-Trickbot.txt 185.81.158.15:8080 grzegorzkucharski.com karaz-sd.com king61tours.com # Reference: https://twitter.com/seguridadyredes/status/1298903561724669952 http://176.10.250.88 # Reference: https://app.any.run/tasks/0c98e26c-ad79-46e3-b603-cd4f36470c69/ http://98.13.75.196 # Reference: https://pastebin.com/raw/QUeZ8m10 112.78.142.170:80 134.209.193.138:443 162.144.42.60:8080 172.91.208.86:80 184.66.18.83:80 188.219.31.12:80 190.96.15.50:80 207.144.103.227:80 212.93.117.170:80 217.199.160.224:8080 24.26.151.3:80 37.205.9.252:7080 54.38.143.245:8080 65.156.53.186:8080 72.167.223.217:8080 73.116.193.136:80 78.189.60.109:443 86.57.216.23:80 91.75.75.46:80 93.51.50.171:8080 98.13.75.196:80 # Reference: https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html (# Doc.Downloader.Emotet-9412146-0) abcofcricket.com reliancectg.com # Reference: https://www.virustotal.com/gui/file/b59c25c29ded7dad9f0015a8ae0101c845220fc92ac6e0ecbc1c4ceaed70ac18/detection http://173.94.215.84 # Reference: https://twitter.com/Cryptolaemus1/status/1300488497376243712 142.44.137.67:443 # Reference: https://app.any.run/tasks/d9a26e5e-6940-4e71-9c3b-670395fcbe7d/ http://210.1.219.238 # Reference: https://www.virustotal.com/gui/file/05d96fd627d3c6cc52fa1932fd991c983589c0c9acabdac750639eb415203d46/detection 5.56.132.177:8080 93.115.23.115:8080 # Reference: https://app.any.run/tasks/95575a4a-0aeb-49ba-8fa3-149302fde1d9/ http://118.2.218.1 # Reference: https://app.any.run/tasks/27d34ee4-c459-4580-8616-e0fc34a7ddff/ tomssteakhouse.com/wp-includes/ /BWQwW/ # Reference: https://app.any.run/tasks/d57d3def-5cb3-443a-a27d-08fdb95276a3/ qstride.com/img/0/ /FrbJX7FPH/ /HxFvQLG60ICjqj/ # Reference: https://app.any.run/tasks/48ffbd45-913c-4998-9830-ed73775f6e3d/ vidriodecoracion.com/wp-admin/ vanbrast.com/bleech/ 
/CC2BJDZl0/ /x6KkTJVFA/ /4oy05GSOX/ # Reference: https://app.any.run/tasks/c600b9fd-e9ed-476b-9882-2a396f839313/ vuatritue.com/wp-admin/ /2sRxZP6U/ # Reference: https://app.any.run/tasks/44089aba-65fe-4bb7-a42d-2e4fb6ae3861/ # Reference: https://tria.ge/200828-g57747h5fn/behavioral1 sitecgps.com # Reference: https://twitter.com/James_inthe_box/status/1305445833903546369 # Reference: https://app.any.run/tasks/777df841-2292-45e7-aff2-9e37ac1e1c25/ http://50.91.114.38 # Reference: https://paste.cryptolaemus.com/emotet/2020/09/15/emotet-malware-IoCs_09-15-20.html 36.91.44.183:80 180.26.62.115:443 45.46.37.97:80 182.253.83.234:7080 113.156.82.32:80 185.183.16.47:80 134.209.36.254:8080 79.137.83.50:443 41.212.89.128:80 113.160.248.110:80 82.118.225.196:7080 220.147.247.145:80 41.84.243.145:80 68.69.155.181:80 115.176.16.221:80 126.126.139.26:443 219.94.242.134:8080 195.251.213.56:80 159.65.140.182:80 118.163.97.19:8080 8.4.9.137:8080 92.24.50.153:80 58.27.215.3:8080 111.67.77.202:8080 104.156.59.7:8080 38.88.126.202:8080 202.188.218.82:80 94.23.216.33:80 219.74.18.66:443 50.121.220.50:80 61.92.17.12:80 202.153.220.157:80 185.178.10.77:80 78.47.87.196:8080 190.101.48.116:80 167.71.227.113:8080 216.47.196.104:80 5.189.182.214:8080 110.5.16.198:80 200.120.241.238:80 82.80.155.43:80 190.85.46.52:7080 54.38.143.246:7080 54.37.42.48:8080 220.109.145.69:80 49.243.9.118:80 156.155.166.221:80 51.38.237.230:8080 187.189.66.200:8080 62.210.90.75:443 181.169.34.190:80 50.91.114.38:80 45.177.120.37:8080 167.114.122.37:80 82.225.49.121:80 75.80.124.4:80 189.160.188.97:80 67.121.104.51:20 116.202.10.123:8080 103.229.73.17:8080 124.41.215.226:80 145.239.169.32:7080 103.80.51.122:8080 5.39.79.163:7080 117.247.235.44:80 82.230.1.24:80 162.214.68.171:8080 121.7.127.163:80 144.91.127.82:8080 89.216.122.92:80 145.239.64.167:8081 96.227.52.8:443 45.230.228.26:443 182.227.240.189:443 96.245.123.149:80 213.196.135.145:80 45.79.16.230:7080 74.136.144.133:80 61.197.92.216:80 88.247.58.26:80 
113.193.239.51:443 2.144.244.204:80 155.186.0.121:80 78.187.156.31:80 80.200.62.81:20 190.194.12.132:80 138.201.45.2:8080 74.58.215.226:80 77.106.157.34:8080 51.38.124.206:80 139.59.67.118:443 74.134.41.124:80 42.200.107.142:80 51.89.139.219:8081 76.18.16.210:80 181.95.133.104:80 120.51.34.254:80 89.248.250.44:8080 223.133.20.171:80 128.106.187.110:80 119.92.77.17:80 79.133.6.236:8080 185.215.227.107:443 223.17.215.76:80 5.189.178.202:8080 37.210.220.95:80 80.86.81.31:4143 153.177.101.120:443 103.48.68.173:80 220.245.198.194:80 202.166.170.43:80 221.184.46.216:80 140.186.212.146:80 78.249.119.122:80 78.114.175.216:80 120.138.30.150:8080 104.236.168.190:7080 95.215.46.191:8080 94.1.108.190:443 103.133.66.57:443 37.48.84.223:8080 189.150.209.206:80 # Reference: https://github.com/MBThreatIntel/malspam/blob/master/Emotet_2020-09-25.txt 104.131.103.37:8080 104.131.41.185:8080 110.142.219.51:80 111.67.12.221:8080 111.67.77.202:8080 114.158.45.53:80 12.162.84.2:8080 137.74.106.111:7080 138.97.60.141:7080 152.169.22.67:80 155.186.0.121:80 170.81.48.2:80 172.104.169.32:8080 174.113.69.136:80 177.73.0.98:443 177.74.228.34:80 178.250.54.208:8080 181.129.96.162:8080 181.30.61.163:443 184.66.18.83:80 185.178.10.77:80 185.183.16.47:80 185.215.227.107:443 185.94.252.12:80 185.94.252.27:443 186.103.141.250:443 186.70.127.199:8090 187.162.248.237:80 188.135.15.49:80 189.2.177.210:443 190.115.18.139:8080 190.147.137.153:443 190.163.31.26:80 190.190.148.27:8080 190.195.129.227:8090 190.2.31.172:80 190.24.243.186:80 190.6.193.152:8080 191.182.6.118:80 192.241.143.52:8080 192.241.146.84:8080 199.203.62.165:80 2.47.112.152:80 204.225.249.100:7080 209.236.123.42:8080 212.71.237.140:8080 213.197.182.158:8080 216.47.196.104:80 217.13.106.14:8080 217.199.160.224:7080 219.92.13.25:80 220.109.145.69:80 38.88.126.202:8080 45.16.226.117:443 45.161.242.102:80 45.33.77.42:8080 45.46.37.97:80 5.189.178.202:8080 5.196.35.138:7080 50.121.220.50:80 50.28.51.143:8080 51.159.23.217:443 
51.255.165.160:8080 51.38.124.206:80 54.37.42.48:8080 61.197.92.216:80 61.92.159.208:8080 64.201.88.132:80 65.36.62.20:80 67.247.242.247:80 68.183.170.114:8080 68.183.190.199:8080 68.69.155.181:80 70.32.115.157:8080 70.32.84.74:8080 72.47.248.48:7080 73.213.208.163:80 74.136.144.133:80 74.58.215.226:80 77.106.157.34:8080 77.238.212.227:80 77.90.136.129:8080 78.249.119.122:80 80.11.164.185:80 82.196.15.205:8080 82.230.1.24:80 82.76.111.249:443 83.169.21.32:7080 87.106.46.107:8080 92.24.50.153:80 94.176.234.118:443 95.9.180.128:80 96.227.52.8:443 96.245.123.149:80 98.13.75.196:80 # Reference: https://github.com/MBThreatIntel/malspam/blob/master/Emotet_2020-10-14.txt newcarturkiye.com/wp-admin/Sbp/ hbmonte.com/wp-content/wer/ thewakestudio.com/wp-admin/3D/ formedbyme.com/wp-content/3e/ lilianwmina.com/wp-includes/Y/ partners.ripplealpha.com/data/ultimatemember/L/ unitedway.giving.agency/sys-cache/XnT/ # Reference: https://paste.cryptolaemus.com/emotet/2020/10/14/emotet-malware-IoCs_10-14-20.html 0931tangfc.com/images/eTrac/vmaYsYjxcGyLiXUd/ arquivopop.com.br/index_htm_files/D9GIZL0JPRV/2ak4jCRkru/ pulseti.com/arq/LLC/nf3Otsnzwl/ s165469.gridserver.com/2e4e/DOC/v4Ni8lfQic188UKvrV/ weblabor.com.br/avisos/lm/qjQdnNiipH2ePqaY8c/ admin.creciendoconelarcoiris.com/contato/Documentation/O3b3OxuKOsHx7hOCuF/ katthus.site/wp-admin/INC/Wg7iIDE77Q9HKsEdjYH6/ redpandazine.com/rjHumTUCZD/attachments/TJwYOgSjOxaFMXTgZk3/ registro.creciendoconelarcoiris.com/lab-supplier/paclm/cigsGO51PCwBR/ thetastrike.club/monitor/Reporting/2xxcosaiQm/ vesinhlinhanh.vn/zybo-z7/public/uXHtKU6YnwmtjAcz/ 1stcombs.suffolkscouts.org.uk/cgi-bin/browse/ 3000khoahoc.com/data/Scan/6ahj2xzdg1c/q3ky24bjkzcj2r3blfksen3/ account.scopemedia.com/revision/payment/ acropol-eg.com/www.acropol-eg.com/Overview/ ajwaalmosafer.com/sys-cache/lm/pipnq2lw33/ al3akarat.com/sys-cache/INC/qtymdpa/ amrsyd.com.au/cgi-bin/Documentation/x3lwxecjvkp/ amruthacollegeofeducation.com/css/payment/a1zi5536tf7n/eu4lfqyuym37gs/ 
arian21.com/alfacgiapi/eTrac/omeqgl2aq6hb/ assecon.com.br/novoassecon/INC/n5yi6u/ atelierpinkcity.com/wp-content/7hfl1ur9wt/ beletage-berlin.de/how-to/rgrjpl6yqvl1/vp9lg8lwow/ blizloaded.com/wp-admin/network/report/qfepmhl/ cafehomes.vn/wp-content/Documentation/lv46jsk/ caipa.net.cn/docs/ caipa.net.cn/TN/sites/1dvfcd42/dxkp91i027qbecny5eizt0jxz2ucoi/ constructoraalpes.com/owl/Overview/ cplt20live.com/wp-includes/Text/Diff/payment/ creciendoconelarcoiris.com/wp-content/uploads/dsufiymq/ cursoscaballeros.giving.agency/sys-cache/parts_service/mvvm4m3b1c8/ dagostim.com.br/fill/lm/jfb9ag79u/22lfpp5sekowuy8yme1/ ddazzlediamonds.com/advertisel/Documentation/ ecolushlanka.com/wp-admin/swift/c2clivwye63/ edduteayuda.com.co/sys-cache/sites/unw89lh/ f24.victor-studio.com.tw/wp-admin/public/mbvkcbg/ fabdraft.com/wp-admin/INC/5eoc0fadj1j1/ fleshupdate.com/wp-admin/F0xAutoConfig/public/ foodhanoi.net/wp-admin/swift/s70o7ewtgdxr9qar7cpi68oc/ gaialacticos.com/wp-content/payment/ gblcleanercanada.com/homemade-lash/01328/i21wld87/ hanedu.vn/wp-includes/px2fs1/ hhdcoop.com/online-surveys/Scan/3oq6bsiu/idbbhm437sqsckv4kjkl/ imasurvivor.co/sys-cache/mq6gqof5/ldhs0b1dt4u9a6uo2x3rc572x0xsn/ jietuo66.com/wordpress/Overview/q5yx2v/ joininfo.ca/articleprint/paclm/2muql8fi/ lachaloupe.net/wp-admin/OCT/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/\/ lp.app4you.app.br/wp-admin/02/2s0u94athcx7/90jqr1opf/ merkadito.mx/upload/OCT/ nengjiankang.com/wp-admin/payment/bq02xr1fpjor/t4m5sfqj3pcjqze0j69qw1d3imf5lg/ oel-magazin.de/wp-includes/paclm/ passoapasso.giving.agency/sys-cache/browse/6jgwwg7kmhw/8acjsx5sd7rdjp/ paymentsconsole.giving.agency/sys-cache/attachments/nj1kk6rrtrpdrh5o5faz9of854z/ pelavo.pl/wp-admin/attachments/ phamxuanquynh.com/wp-content/report/nuec7hz/ phaneedepool.com/wp-admin/invoice/ phonestore-telephonie.fr/wp-admin/public/sue67m/ portugal.scyla.com.br/redirect2/FILE/1pc1k1k89mlkp/ 
premier-h.com/simulate-logistic/OCT/ project-streams.eu/wp-admin/mqkjk8zv/ projects.bigprint.pictures/cgi-bin/public/pzx10o27/0fprs9c/ promembership.co/wp-content/swift/nnezyzsfeg/p8rtn3l7lhnfillp/ qpcpym.com/ErrorFiles/Reporting/60i5dt9zv/ rahimi-clinic.com/wp-admin/esp/dpa72hv4g7t/t0kr24hc/ randradeseguros.com.br/produtos/esp/vyh32iy3g2fa5jcmt9zkqqm/ rossinglish.com/inverter-repair/browse/gwc4o8/ s171184.gridserver.com/poll_success/Overview/ santoferragens.app4you.app.br/wp-admin/swift/ shenji.victor-studio.com.tw/wp-admin/attachments/91q66l6/ sherif-hammad.com/wp-includes/Scan/uwze9ca1t/ shop.scyla.com.br/wp-includes/esp/uqvl95sehq7p7w/ srno.hu/sys-cache/report/sv98lyo4q/4s5045m4kd/ sulematravel.es/wp-includes/paclm/ sunrisejanitorial.ca/assets/statement/ switch2cloud.net/wp-admin/balance/ teesvalleywashrooms.co.uk/ALFA_DATA/report/ thebeauticianofficial.com/sys-cache/paclm/ thedigitalsquad.net/sitemap/attachments/412tmhd4/ thehotelelevate.com/cgi-bin/Documentation/gtfh86im642/lj4zbliyn52t2/ thenewschef.com/wp-content/06fi03s6qe8oi3941c2yh119fzzpk7/ thientam.online/wp-admin/Scan/ tunimatec.com.tn/Document/esp/ upload.3000khoahoc.com/temp/balance/achxpcbh8w0p/j8vw36gerbcsmsy/ upload.thuviendata.com/2020-02/ptpgzydx057y/ vilong.us/sys-cache/balance/u5s3/ w-maassltd.co.uk/sys-cache/LLC/zenx05r/ ffval.hr/wp-content/statement/ womenup.cz/wp-includes/FILE/ xnk.jbzie.com/wp-admin/public/ 1stcombs.suffolkscouts.org.uk/cgi-bin/browse/ 45gradi.com/awstats-icon/OCT/5isfj61s/ b2bcom.com.br/site/Document/7h7vt4faff/qh1twu66o573mejk/ beletage-berlin.de/how-to/rgrjpl6yqvl1/vp9lg8lwow/ bigfesta.app4you.app.br/wp-admin/statement/ biggboss14show.net/wp-includes/paclm/ blizloaded.com/wp-admin/network/report/qfepmhl/ blog.iymazon.com/wp-content/334214278238924/2tu/ chinadarocha.app4you.app.br/wp-admin/Scan/ciqujxfc8e/ columbiasaude.com.br/sys-cache/INC/5r2ics0dgwv1n43zgmrpwbo/ cplt20live.com/wp-includes/Text/Diff/payment/ creciendoconelarcoiris.com/wp-content/uploads/dsufiymq/ 
ddazzlediamonds.com/advertisel/Documentation/ digitalscholarbd.com/zs/esp/7qar1o17w/ finally-con.com/sys-cache/attachments/mweke849y4y/zc6xt80o6awna5pi5a3ra5mtvi/ gaialacticos.com/wp-content/payment/ hanedu.vn/wp-includes/px2fs1/ hhdcoop.com/online-surveys/Scan/3oq6bsiu/idbbhm437sqsckv4kjkl/ homewatchamelia.com/wp-admin/docs/ hy-api.cn/ceo-retirement/payment/ imasurvivor.co/sys-cache/mq6gqof5/ldhs0b1dt4u9a6uo2x3rc572x0xsn/ informacion.creciendoconelarcoiris.com/wp-content/uploads/payment/qogke1c2uoe4/ j84.me/wp-admin/Reporting/ koreashop24.com/email/Documentation/mfzm49xudxjjikq8kml9c2ta84j6s2/ lachaloupe.net/wp-admin/OCT/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/ librosporfavor.com/wp-content/swift/uid5bmt/547jbnw6kkyl6m2f/ liubaozi.cn/wordpress/sites/txbp5jf5wvfa08bt/ longshushu.com/invoice/nw2nk3jpj23/ margaash.us/sys-cache/DOC/0u9thggdtv/1zn69dp08z987/ modelo-delivery.app4you.app.br/wp-admin/yi8alm/ newdimension.co.th/wp-admin/statement/0yun1pqrev1cplh8bqi820fi/ oel-magazin.de/wp-includes/paclm/ passoapasso.giving.agency/sys-cache/browse/6jgwwg7kmhw/8acjsx5sd7rdjp/ paymentsconsole.giving.agency/sys-cache/attachments/nj1kk6rrtrpdrh5o5faz9of854z/ pelavo.pl/wp-admin/attachments/ phamxuanquynh.com/wp-content/report/nuec7hz/ promembership.co/wp-content/swift/nnezyzsfeg/p8rtn3l7lhnfillp/ rahimi-clinic.com/wp-admin/esp/dpa72hv4g7t/t0kr24hc/ repuscolombia.com/presupuestos/DOC/ resilientfutures.com/wp-content/k290eennf1/ santoferragens.app4you.app.br/wp-admin/swift/ selerakampung.com/wp-admin/Documentation/d8gqui/ skenglish.com/wp-admin/statement/ stevegates.co/free-low/attachments/ruokgkmy6v1uj3/ sulematravel.es/wp-includes/paclm/ tcamexpo.com/wp-content/parts_service/msql9lpdtsv3/ toy-house.pk/sys-cache/DOC/5s5eis2d/69fd5dr6k/ vilong.us/sys-cache/balance/u5s3/ vinhomesq9.vn/sys-cache/492874195037797/ w-maassltd.co.uk/sys-cache/LLC/zenx05r/ webturf263.com/wp-content/eTrac/1zdnklmh9tcx017cd/ lvl.com.br/wp-admin/INC/lr9pldlk3kv/ 
tianhengdaojituan.com/wp-includes/sites/ zhengtiankai.com/wp-content/public/gblpdj3y0y3a/y6iai/ zirrimarra.eus/wp-content/Documentation/svz0w6/ # Reference: https://twitter.com/Cryptolaemus1/status/1316730653044600833 financiamentointeligente.com/wp-content/Fj/ removepctrojan.com/wp-admin/6/ aahnaturals.net/wp-includes/TX/ sff3d.com/3d/xk/ engineering-2s.com/SS_Paypal/X/ lsmanga.com/migration/FaU/ beta.zoneberry.com/bysyswexecf/x3/ # Reference: https://twitter.com/Cryptolaemus1/status/1316751913774444546 # Reference: https://twitter.com/Cryptolaemus1/status/1316751914328096770 imenbartariran.com/wp-admin/CZ/ duberysunglass.com/img/A/ icilimoges.com/wp-includes/Ym/ trungtamgioithieuvieclamdongnai.com/submit_form/sFO/ events.medialogic.cloud/blazor-preventdefault/r8W/ inspira-psicologia.com/css/F/ sheriaspace.com/wp-admin/R/ # Reference: https://twitter.com/Cryptolaemus1/status/1316759252371988480 happyseedscharity.com/wp-includes/EgjM/ ecolands.info/wp-includes/LZ7O0h/ liguendembo.com/wp-includes/DeAM6hn/ xiaolechen.com/pollinodial/5lTy0/ mallowsvirtualcreatives.com/wp-content/2pw1/ rfcrfc.com/wp-admin/oZ/ bbs.rfcrfc.com/api/V/ # Reference: https://twitter.com/Cryptolaemus1/status/1316779526404427777 jrvservices.com.br/JRV_ANTIGO/d0cNATaKxy/ aqfsistemas.com.br/manufacturerl/hA/ paramythou.gr/wp-includes/jmoG/ foxfire.ph/wp-admin/YQW/ novaes.com.br/files/uZK/ excelenceimoveis.com.br/wp-includes/k/ equipamentosmix.com/10/aK99ApiT/ # Reference: https://twitter.com/bomccss/status/1316998263094996992 # Reference: https://twitter.com/Cryptolaemus1/status/1316992711904399360 # Reference: https://twitter.com/Cryptolaemus1/status/1316985594694766593 # Reference: https://app.any.run/tasks/dfefe288-fc49-4d40-b00a-f517363910bc/ divemed-tech.com/will-a/gjzE/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ bazarkotulpur.com/wp-content/0tu/ geosrt.com/atrabiliary/yfH/ dmtland.com/wp-admin/4k/ zero-finance.com/wp-content/6sa/ myseedology.com/cgi-bin/7GzFsT/ 
foulgerteam.com/foulgerteam.com/i/ amicusdh.org/coaid/0g/ charlesze.com/content/z0lGKS/ tiktokvapes.com/wp-admin/xL/ blackstonetutors-onlineportal.com/wp-includes/fm/ bachhoanhale.com/wordpress/I/ invaluablearts.com/6sn1f/t/ mycollegecp.com/content/kRL/ tatilburdur.com/scutum/KV/ pgiso.com/wp-admin/mCQ/ # Reference: https://twitter.com/Cryptolaemus1/status/1317042881517977600 divemed-tech.com/will-a/gjzE/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ bazarkotulpur.com/wp-content/0tu/ olimpiadasolidaria.com/wp-snapshots/BM7ftDR7a/ studyguidewithlakshmi.com/directory/v982c9VH5c/ pandebaik.com/_vti_bin/Y/ agroproindia.com/cgi-bin/95r09UGlIj/ # Reference: https://twitter.com/Cryptolaemus1/status/1317053813132546048 vuatritue.com/wp-admin/Ux/ shraddhacarrentalindore.com/wp-includes/M/ fortunelabels.com/test/SZ/ p4uclasses.com/wp-content/G/ tanger-soft.com/does-leaving/Kig/ pxid360.com/wp-admin/PN/ childselect.com/cgi-bin/y/ # Reference: https://twitter.com/Cryptolaemus1/status/1317061556958646272 dodungphongtam.com/content/GZ5Mk/ symbiosis-consulting.com/blogs/FVX8XRa/ getquicksafaris.com/wp-content/nJtvlV9ha/ sakhilalleather.com/wp-admin/t7GkPP4/ metodotrcd.com/wp/d/ borjboland.com/wp-admin/pH/ rangpurbarassociation.com/cgi-bin/2BdjrjymS/ # Reference: https://twitter.com/Cryptolaemus1/status/1317082747186434048 safeabortionrx.com/ext/XII/ brightcdr.com/wp-content/LNTELiq/ cavancart.com/staticmap/WR/ homeabortionpillsrx.com/ext/N6SKd/ portal.digitalcompass.com/Styles/deeB/ apidocs.dcdial.com/wp-includes/H/ 360www.ca/content/2/ # Reference: https://twitter.com/Cryptolaemus1/status/1317097518711377923 paganwitch.com/wp-admin/0pd/ creationskateboards.com/shred/H/ gtech.thngo58.com/wp-includes/9zo/ dlhagency.com/cgi-bin/8z/ drwalidabdelgaffar.com/dentalia/lL/ rtjandxly.online/wp-content/kir/ bnmintl.com/cgi-bin/Ibu/ # Reference: https://twitter.com/Cryptolaemus1/status/1317112136636731392 iei7.com/wp-admin/5ShKLn/ right2liferx.com/admin/AcgEH/ poppylon.com/wp-admin/E22zho/ 
personaltrainersindia.com/fonts/Q55X/ eldahwa.com/9th-grade/F2Kw/ meeak.com/wp-admin/lcJ/ prabhatcycles.com/prabhatcycles/U1i7/ housetutor.wasseela.com/x2ekf/tMR/ # Reference: https://twitter.com/Cryptolaemus1/status/1317176477734047745 thehouseofpeace.org/cgi-bin/NZdfyylt/ wayfinancial.ca/wp-content/3H9P2P9qn/ tola.ae/docs/t/ bms-guisborough.co.uk/wp-admin/nIdNw7fA/ ardos.com.br/simulador/hpWciv1B/ andrycarias.com/grupo-desafio.com/EZ2w/ solidrockwesleyan.ca/wp-includes/WeqhX7hE/ # Reference: https://twitter.com/Cryptolaemus1/status/1317227929072533504 storagelookup.com/wp-admin/5pmuuxWKoN/ flowerdeliverypasadena.com/wp-content/J8tPsVAF4/ concrecasa.cl/wp-admin/RUQ87/ atrocity.de/blogs/iRB9/ svi.bo/wp-content/5CX8zlve/ gosbooking.com/wp-admin/ej5/ dummyestudio.com/wp-content/bP/ # Reference: https://twitter.com/Cryptolaemus1/status/1317238025701724160 wiwildcare.org/wp-includes/Ri/ gyandarbar.com/EDU/wBubLrB/ giannaspsychicstudio.com/cgi-bin/AAHr/ berkeywaterfilterplus.com/wp-admin/A/ myanmarlegalservices.com/wp-admin/87M/ bestgunsafety.com/wp-admin/u23zKk2/ mantenanews.com/wp-content/G/ liciousbbl.com/wp-includes/5k8n/ # Reference: https://twitter.com/Cryptolaemus1/status/1317354642494410753 fumigacionesmac.com/wp-includes/je/ excellence4u.com/wp-snapshots/brAvtr/ balancingelephants.com/wp-content/kH/ tahirsylaj.com/error/UpDueJ/ bestoffershop.com/wp-admin/k/ wintekelevators.com/wp-content/xExD/ supplementhouse.net/wp-content/HXLS7K/ solddolls.com/cgi-bin/xwoLV/ # Reference: https://twitter.com/VirITeXplorer/status/1318095610537443328 tahirsylaj.com/error/UpDueJ/ bestoffershop.com/wp-admin/k/ wintekelevators.com/wp-content/xExD/ supplementhouse.net/wp-content/HXLS7K/ solddolls.com/cgi-bin/xwoLV/ fumigacionesmac.com/wp-includes/je/ excellence4u.com/wp-snapshots/brAvtr/ balancingelephants.com/wp-content/kH/ # Reference: https://twitter.com/Cryptolaemus1/status/1318118172285947904 geoportal.rivasciudad.es/wp-includes/MD/ 
baltische-rundschau.eu/wp-content/uploads/2pj7/ leboutique-store.com/wp/dOs/ bespokebysumitgrover.com/wp-includes/mwYw/ rajania.com/cummins-engine/nPd/ aabeds.com/jtdla2131/Y/ svi.bo/wp-content/NIEP3/ podzalog39.ru/podzalogOLD/n/ # Reference: https://app.any.run/tasks/de25cba4-817b-4931-b20d-95f180fe5c0c/ travelsportrepeat.com/wp-content/0/ wemusthaveit.com/freeze-columns/KQiSFq7/ tuhishair.com/blog/g3H/ entout.co.uk/wp-includes/wdh/ blog.artemisaritim.com/accuracy-of/z/ ad-avenue.net/-/MH6/ wintekelevators.com/avast-premium/S6/ # Reference: https://twitter.com/Cryptolaemus1/status/1318122399079014400 tonolledo.com/docs/R6/ jegsnet.com/wp-content/J/ melrosebeautycenter.com/windows-10/MM/ blog.gadzoom.net/wp-includes/g0/ gtech.thngo58.com/zwift-level/xnH/ hbrpatel.com/wp-content/amT/ indiastartup360.com/wp-admin/Cm/ # Reference: https://twitter.com/abel1ma/status/1318130996332564482 # Reference: https://app.any.run/tasks/12a094d8-1806-4349-a485-8e3ea950f0f6/ tudorinvest.com/wp-admin/rGtnUb5f/ dp-womenbasket.com/wp-admin/Li/ stylefix.co/guillotine-cross/CTRNOQ/ # Reference: https://twitter.com/VirITeXplorer/status/1318138248783450115 ardos.com.br/simulador/bPNx/ drtheurelplasticsurgery.com/generalo/rhrhflv92/ bodyinnovation.co.za/wp-content/2ssHvi/ nomadco.es/wp-admin/MvwVHCG/ # Reference: https://twitter.com/Cryptolaemus1/status/1318189858989420545 stech.com.np/wp-admin/U/ worlddatapro.com/flama-condensed/2fPei5/ bluedemonlodge.com/wp-content/yBvR7Tw/ laindianrestaurants.com/wp-includes/B3pPZIas/ daogou.icu/wp-admin/kyJ4pA/ wisdomapologetics.com/neje-master/KM/ fotomax.fr/cgi-bin/dm/ # Reference: https://twitter.com/Cryptolaemus1/status/1318230428868874243 guarany.net/zefiro/K/ yanlipin.net/wp-admin/Q/ aanshtravels.com/_notes/JLM/ tcamexpo.com/wp-content/c/ easihacks.com/wp-includes/d/ cosyshe.com/wp-includes/A41/ goodpriceshoes.com/wp-includes/0Ko/ # Reference: https://twitter.com/Cryptolaemus1/status/1318269256295981056 onepalate.biz/wp/YuUcpzM/ 
webdachieu.com/wp-admin/J/ smallbatchliving.com/wp-admin/uccE/ richellemarie.com/wp-admin/xlTWW/ richelleshadoan.com/wp-admin/Ucrkcvp/ holonchile.cl/purelove/Y4/ a2zarchitect.com/wp-admin/LAs0P/ raumfuerneues.eu/error/AuTiH/ # Reference: https://twitter.com/Cryptolaemus1/status/1318286786494402562 yixuecourse.com/wp-includes/wE/ estylohouse.com/pms/application/language/e/ 77wins.club/wp-content/4y/ layagroup.net/wp-admin/5h/ zionimmigration.com/scss/bHd/ vivoslotpulsa.com/wp-content/1/ wizzdomhub.com/wp-content/IZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1318425528760750082 vidadohomem.com/wp-content/Eu/ virtual-event-service.com/assets/tW/ mallowsvirtualcreatives.com/llfdsofdsfss/51C/ rovonize.com/email.rovonize.com.rovonize.com/M/ mahfuzur32785.com/identify-the/IM/ africafoodworld.com/wp-admin/WD/ bloglamtinh.com/wp-admin/N/ # Reference: https://twitter.com/Cryptolaemus1/status/1318468646134571009 wodsuit.com/ram-aisin/7r9/ hoobiq.com/cgi-bin/Xyv/ bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/ vat201.com/calculator/itQ/ vikinggg.com/hydrolysis-of/bY/ mohamedsayed.com/wp-admin/Zt/ hostimpel.com/js/q/ # Reference: https://twitter.com/Cryptolaemus1/status/1318469815082881025 rossie.in/wp/6L0U/ envirohubconsulting.co.za/cgi-bin/vI5/ grandages.org.my/office/y6Uz/ dailypharmajobs.com/cgi-bin/CyCdO/ comercialadvance.com/images/MFXxM5Tg/ royalnight.in/wp/lEA2gXXBj/ gymmuscle.tk/wp-content/U8j1Bkh/ # Reference: https://twitter.com/Cryptolaemus1/status/1318644038057287680 salesforcesupports.com/wp-admin/UK4/ sakcampharma.com/wordpress/L8E/ laosonline88.com/old-web-bk/M8B/ quicktowtowing.com/indexing/N2/ tecnolora.com/grup-bo/NWd/ geoffoglemusic.com/wp-admin/Mym/ 58yuesao.top/wp-admin/HG/ # Reference: https://twitter.com/Cryptolaemus1/status/1318657897623134209 nursefreedomsystem.com/cgi-bin/eYae/ masterbookpub.com/cgi-bin/H/ 247tvad.com/wp-includes/CLwQ/ wearenursesvip.com/wp-includes/ZbcC/ demo.acousticify.net/intune-company/UAONxeh/ 
hello.congduhoc.com/logstash-mutate/d/ musicrepublicmagazine.com/wp-content/HbW/ littleforbig.com/menuso/5IW5/ # Reference: https://twitter.com/Cryptolaemus1/status/1318666564141502464 keishixx.com/apc/ew5/ zylko.com/wp-admin/SD/ kyleesbirthdaybash.com/wp-includes/Sco/ kbpatinhaus.com/wp-includes/5r/ almaart.ir/wp-ontent/7pp/ premiumnitrilegloves.com/wp-content/7/ mommafi.com/wp-includes/S/ # Reference: https://twitter.com/Cryptolaemus1/status/1318816075820224514 safarsetutours.com/safarsetutours/do75yh/ iimedu.uk/wp-includes/m8YXYxu/ weeklymasterclass.com/wp-includes/ZqsGa/ onetrepreneur.co.uk/test/gQX87a/ commonsenserevisitedbook.com/wp-includes/6BAdVn6/ taabgroup.com/divi-woocommerce/7BHbH/ pruebadario.ecomerciar.com/wp-admin/jSEbK2o/ rebuneae.com/wp-content/EivSc/ allindiacrimepress.com/blogs/media/AO9/ housetutor.wasseela.com/x2ekf/sWv/ avoyrakib.com/wp-admin/28/ kianyadak.com/ik/M/ souryumon-alive.net/VL/ mail.cozyreview.com/Ko8/ econews.treegle.org/how-to/v/ atrezzos.beneficiosparaempleados.com/wp-admin/kzqh1zM/ vinarorganics.com/css/L0vMERYKQD/ adidasyeezy.store/welph/ccrcbr1xFU/ zunan.com.tw/wp-admin/lQ59Q/ vstsample.com/wp-includes/YV/ tuneclick.co.uk/img/eBV/ library.strophicmusic.com/test/VNTHdB7678/ # Reference: https://twitter.com/Cryptolaemus1/status/1318865011683610626 plakatjogja.com/wp-content/X/ vnadevelopers.com/wp-admin/BF/ nursesweekparty.com/wp-includes/bQR/ hodmunha.info/wp-includes/Ce/ novaworlds-muine.com/khudothiaquacity.com/a/ weapontoys.com/wp-content/Ok/ bold-c.com/wp-admin/Ac/ # Reference: https://twitter.com/Cryptolaemus1/status/1318916731914670084 michaelandrewsbakery.com/wp-admin/M/ forsalebyowner247.com/wp-includes/8m/ webgisjambi.com/wp-content/uploads/V5a/ tigerstormtraffic.com/wp-includes/h23/ optimisticdeals.com/wp-content/S/ twogirlscleaning.com/openbayl/KaI/ online2u.biz/ogretmenevi/4Yj/ # Reference: https://twitter.com/Cryptolaemus1/status/1318920275732418566 aspensnowmasswebcam.com/wp-admin/SC6c2o/ 
ticket1st.com/wp-includes/98Zkfi/ eyebrowandme.com/cgi-bin/3NN/ newsfocus123.com/96kaifa/cc1/ dev.muzigal.com/cron/Mdn/ dehateet.com/wp-admin/Gqg0Ma/ keithdougherty.com/wp-includes/Yen85/ nurseprizes.com/wp-includes/hS/ # Reference: https://twitter.com/Cryptolaemus1/status/1318943116016091136 ecommarket.xyz/uptown/LSm7vXy0v/ pearlcomputers.com.pk/bitcoin-apk/37qD0b/ treeremovalnerds.com/wp-content/7n5ut/ isupportthecause.org/wp-includes/sbCBUzN/ englishmatters.hk/wp-admin/hDcXxqmeD8/ innoovation.com/blogs/sOKc4/ habiganjjournal.com/wp-content/TUQB/ # Reference: https://twitter.com/Cryptolaemus1/status/1318995699904688139 kpfniaga.com/backup/Qv/ ethanstech.com/wp-includes/Z/ fsl.com.mx/wp-admin/2T7Ws/ thecitizensforum.org/cgi-bin/kU/ murari.es/wp-content/h/ xcharliesdevils.com/wp-includes/ysv/ hrinternationalbd.com/selectar/h/ caballerosdesanfernando.es/wp-includes/re8nKUj/ # Reference: https://twitter.com/Cryptolaemus1/status/1318995430852694017 farzadkiasat.com/wp-admin/Eb/ hunmao.net/wp-includes/C/ tallyandfin.com/cgi-bin/P/ gosvish.com/wp-admin/B/ searchhomeusa.com/wp-content/o/ h5yx.vishou.net/css/i/ oleegoli.com/indexing/xS/ # Reference: https://twitter.com/Cryptolaemus1/status/1319019223016943620 sangamapparel.com/wp-content_old/whE/ techarpit.xyz/wp-content/GM/ sarfco.com/wp-content/6YE/ best-browser.top/wp-includes/lL/ alternatul.com/wp-includes/4rS/ rapicampi.com/wp-content/ib/ initiativepropertiesltd.com/home/S7s/ # Reference: https://twitter.com/Cryptolaemus1/status/1319048991175331847 scolarite-fssm.uca.ma/wp-content/uploads/Wmo0C/ autofit.pt/wp-content/jjVLAR/ jinyangsheetmetal.co.kr/wp-content/Kx7IN1cEY/ mindgeniltd.co.uk/indexing/X5bSo/ sinanashkan.com/wp-admin/DkHxvf8KX/ navneetfamilycoach.com/wp-content/IRX/ usasnet.com/wp-includes/6k/ admvero.com.br/eleicao/EJcX/ coolfit.in/wp-content/ivi/ equipamentosmix.com/10/Bjky/ murari.es/wp-content/h/ hrinternationalbd.com/selectar/h/ thestudio-ct.co.uk/events/P3/ kailaasa.ca/wp-admin/zeJssVj/ 
khudanculongdien.vn/wp-admin/HB/ admvero.com.br/eleicao/EJcX/ coolfit.in/wp-content/ivi/ equipamentosmix.com/10/Bjky/ # Reference: https://twitter.com/Cryptolaemus1/status/1319223065696415745 paasologrp.com/parseopmlo/5/ launch.tactikafacewear.com/wp-content/Uk/ singohotel.com/dashboardl/q/ mymathlabhomework.com/wp-content/o/ dietherbsindia.com/assets/k8oo/ dev-tech.eu/demoshop/P0/ mithraa.co/nMT/ chess-pgn.com/win-raid/l6T5/ # Reference: https://twitter.com/Cryptolaemus1/status/1319180621395132416 swiftlogisticseg.com/wp-admin/jiX/ paikapua.com/a0brac3/Y/ gordon-and-son.com/wp-includes/n/ emmanuelmonastery.org/wp-admin/d/ afriwaste.app/wordpress/N7L/ da-industrial.com/js/A4/ onepalate.biz/wp-content_bak/Bc/ # Reference: https://twitter.com/Cryptolaemus1/status/1319253975863070727 sorbonne-capital.com/wp-admin/G/ zagoradesertcamp.com/templates/u/ chavezrob.com/wp-includes/zkd/ buybacksoft.com/old/5s/ thetechieforu.com/wp-includes/2/ movie-2free.com/cgi-bin/d/ yogeejee.com/wp-includes/b/ # Reference: https://twitter.com/Cryptolaemus1/status/1319262232170139650 paasologrp.com/parseopmlo/5/ launch.tactikafacewear.com/wp-content/Uk/ singohotel.com/dashboardl/q/ mymathlabhomework.com/wp-content/o/ dietherbsindia.com/assets/k8oo/ dev-tech.eu/demoshop/P0/ mithraa.co/nMT/ chess-pgn.com/win-raid/l6T5/ # Reference: https://twitter.com/Cryptolaemus1/status/1319309808814706693 akdparivar.com/css/J/ yudaobath.com/wp-includes/vbayxJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1319320563257573376 jumpingphones.com/wp-admin/W/ gksystemsnamakkal.xyz/wp-content/SsH/ baichoi.tranbaocuong.top/application/h5c/ movie-2free.com/cgi-bin/2wv/ mugiya-pan.com/wp/czH/ topperit.com/demo1/tt/ myfarasan.com/wp-admin/o/ # Reference: https://twitter.com/Cryptolaemus1/status/1319334755096272897 acheterdrogues.com/wp-admin/m/ hcareconcepts.com/cgi-bin/1Pwwxf/ jiafunongye.com/application/NJ3Ta/ amarteargentina.com.ar/wp-admin/GOAvrV/ allcannabismeds.com/unraid-map/xcGN/ 
caacholidays.com.hk/wp-content/jaayDboQ/ selerakampung.com/wp-admin/AGF5qXG/ # Reference: https://twitter.com/Cryptolaemus1/status/1319377511332139009 primaage.com/wp-admin/is/ uvibrands.com/QIG/ morrobaydrugandgift.com/wp-contentbak/T9M/ autodidactai.com/wp-content/5SF/ cs.vitalero.com/wp-includes/Vf/ arcadia-consult.com/wp-admin/6O/ acheterpermis-deconduire.com/wp-admin/network/vv/ # Reference: https://twitter.com/K_N1kolenko/status/1308335594729332737 jobcapper.com/8.7.19/hrS/ scoomie.com/wp-content/uploads/mxjsB/ blog.workshots.net/bibqcr9/Eki/ hxoptical.net/wp-admin/91C/ adidasnmdfootlocker.com/nc_assets/F/ socylmediapc.es/tools/D7Ogq/ lombardzista.pl/wp-content/r/ # Reference: https://twitter.com/K_N1kolenko/status/1306577455499673602 scrappy.upsproutmedia.com/wp-admin/J/ china-specialist.com/wp-content/YrLG/ upsproutmedia.com/wp-admin/M/ pagearrow.com/wordpress/B/ a.xuezha.cn/lajop/OYdUzf/ blog.saadata.com/cgi-bin/vwz/ zeeamfashion.com/content/rqoL/ # Reference: https://twitter.com/K_N1kolenko/status/1306534090812919808 77yxx.com/b5rh/bZxS/ shahramookht.com/t1k12k7t/8jq/ aciitaly.com/adminer-master/gkI/ codelta.es/images/9S35FR/ burstoutloud.com/PPL/Hf/ targetin.com/Silder-1/naK/ dbestfishing.com.sg/67s/wfe/ # Reference: https://twitter.com/K_N1kolenko/status/1301052109379469313 nnpstv.com/newsletter/hDT/ oneinsix.com/plesk-stat/S76/ villatera.com/cgi-bin/CHy/ party-pix.org/cgi-bin/GVp/ sabineschulte.net/cgi-bin/x/ pautz.org/cgi-bin/uB6/ nobius.org/hutchins/w/ # Reference: https://twitter.com/K_N1kolenko/status/1301043012554895361 ptwmusic.com/thumbs/TN/ refinanz.org/bachelorme_de/I/ prprofile.com/wp-admin/B2/ radiomuziekland.com/contact/f/ rbji.com/rbjfiles/5/ relicatessen.com/index_htm_files/9/ phoenix-internet.com/incontext/QJN/ # Reference: https://twitter.com/K_N1kolenko/status/1291617606567428096 tourgunungkidul.com/js/63/ veranista.com/stats/s/ walescounseling.com/wp-includes/BsDZ7QS/ thecreativecafe.co.uk/gallery/Y/ usadatos.com/chai/ikb/ 
tanitlak.hu/wp-admin/AkMHk/ wolstenholme.ca/teashop/0B6GAKL/ jerem.com/themes/nu2/ mikebonales.com/blog/In5/ grandsignatureyercaud.com/css/Gp/ hstlive.com/blabs/N/ itcsis.com/docuitc/G/ immortalmodeling.com/dev/blog/SF/ jejach.net/widgets/1E/ rifatenterprise.com/dist/go/0Ay/ priyamcollection.com/vinix/3e/ red-master.com/antiguo/WA/ portalsgn.com.br/corpore/xl/ rentaflight.be/PEAR2_maybe_not_used/H9l5C9Q/ pisi1.unixstorm.org/cgi-bin/LVZW/ purrr.nl/wp-content/Y/ moasocialcoop.com/wp-includes/fd/ monahon.com/classyclutches/W/ mediosmilenium.com/mapa/eWv/ monicaestrazulas.com/2018/Z/ mktink.com/logs/Q8/ murias.com/documents/Fu/ n-brake.com/aspnet_client/G8/ wuvyish.com/wp-content/D9/ energjia.com/oxl/k/ hajveryimpex.com/content/0hW/ aeeec.com/about-us/qE/ blog.8888168.xyz/wp-content/P/ instruments.azurewebsites.net/content/vWy/ larisinaja.com/wp-includes/y/ walcial.com/sys-cache/Fh8vQ/ riovibe.com.br/2009/A/ skytechresources.com.br/erros/JyG5bsH/ cosentinoconsult.com.br/v_s_k3/WZN8FbD/ swapnadevelopers.com/temp/U/ opiscineiro.com.br/wp-snapshots/za4yVt/ studio63productions.com/fonts/Dm7Y/ microcomm-group.com/aspnet_client/open-resource/749h0_a_bgapak3l/ missetiquette.com/img/57ry_v_f04/ rouxweb.com/sea/IOm310/ sallyabbeyarts.com/SALLY_ART_2014/UqN4k/ tedde.nl/photosentinel/r_mcjd_p0vrxje/ webstack.com.au/wp-includes/U890802/ # Reference: https://paste.cryptolaemus.com/emotet/2020/10/14/emotet-malware-IoCs_10-14-20.html 175.103.38.146:80 149.202.72.142:7080 51.15.7.145:80 177.129.17.170:443 76.175.162.101:80 188.157.101.114:80 108.46.29.236:80 123.176.25.234:80 51.75.33.127:80 78.186.65.230:80 96.245.227.43:80 46.43.2.95:8080 80.241.255.202:8080 142.112.10.95:20 93.186.197.189:7080 121.7.31.214:80 109.13.179.195:80 153.229.219.1:443 51.15.7.189:80 5.196.108.189:8080 202.29.239.162:443 5.89.33.136:80 203.56.191.129:8080 139.162.60.124:8080 74.135.120.91:80 174.106.122.139:80 113.203.238.130:80 75.143.247.51:80 96.249.236.156:443 85.25.106.204:8080 1.226.84.243:8080 
183.77.227.38:80 192.232.229.54:7080 24.232.228.233:80 188.166.220.180:7080 162.144.145.58:8080 213.165.178.214:80 78.188.106.53:443 104.131.123.136:443 46.101.58.37:8080 47.36.140.164:80 202.29.237.113:8080 69.206.132.149:80 174.118.202.24:443 190.96.15.50:443 130.0.132.242:80 200.127.14.97:80 190.188.245.242:80 24.231.51.190:80 190.164.135.81:80 172.104.97.173:8080 185.80.172.199:80 24.43.32.186:80 177.23.7.151:80 216.139.123.119:80 190.190.219.184:80 2.58.16.86:8080 45.239.204.100:80 68.252.26.78:80 71.15.245.148:8080 94.212.52.40:80 218.147.193.146:80 178.211.45.66:8080 192.175.111.217:7080 85.214.26.7:8080 49.50.209.131:80 120.150.218.241:443 60.93.23.51:80 192.175.111.214:8080 72.143.73.234:443 46.105.114.137:8080 121.117.147.153:443 191.191.23.135:80 177.144.130.105:8080 110.142.236.207:80 192.81.38.31:80 35.143.99.174:80 118.33.121.37:80 190.240.194.77:443 125.200.20.233:80 71.72.196.159:80 194.4.58.192:7080 73.55.128.120:80 47.154.85.229:80 138.97.60.140:8080 190.191.171.72:80 103.93.220.182:80 115.79.59.157:80 186.74.215.34:80 169.50.76.149:8080 180.148.4.130:8080 118.243.83.70:80 70.169.17.134:80 42.200.96.63:80 190.192.39.136:80 91.146.156.228:80 118.83.154.64:443 128.92.203.42:80 190.108.228.27:443 139.59.61.215:443 37.187.161.206:8080 116.91.240.96:80 95.85.33.23:8080 202.134.4.210:7080 198.20.228.9:8080 190.117.101.56:80 # Reference: https://twitter.com/malware_traffic/status/1309698130468896768 # Reference: https://app.any.run/tasks/018be08a-518e-449f-b7cc-3bc8b5cd8031/ 12.163.208.58:80 87.106.253.248:8080 # Reference: https://app.any.run/tasks/210af0dd-4489-4ba6-88f8-5968ac9f1442/ 162.241.41.111:7080 http://49.243.9.11 # Reference: https://www.virustotal.com/gui/file/0b741a6961b690e07f80388faf43fc3af9bd74b99e8f223e00fa0a996c23305e/detection # Reference: https://www.virustotal.com/gui/file/03caf29484a047db9c68e15e6117f665c59b1cc6ea7cdacba9042f80149861b9/detection http://51.38.124.206 91.105.94.200:80 binarywebtechsolutions.com vstbar.com # 
Reference: https://twitter.com/illegalFawn/status/1310959162822725638 jigsaw.watch # Reference: https://www.virustotal.com/gui/domain/xnxxfullhd.com/relations xnxxfullhd.com # Reference: https://app.any.run/tasks/7bf64b3b-3039-4610-8500-d9ca772797ec/ http://116.91.240.96 # Reference: https://www.virustotal.com/gui/file/9bb84f9fca28c4f9ac90dda5932d089a835344e112aca645497ee884b56e7644/detection tagkarma.com simplatecplc.com sertecii.com vvk888.ru easyneti.com # Reference: https://www.virustotal.com/gui/file/869f09c1b430433a385b4ec13a90eef4cfe0cba092a46fe71107de2f865bdf0e/detection # Reference: https://www.virustotal.com/gui/file/07546b78e05a399af4c7b6080391583fc4709c2b8e45f2b82ee98ae5a2807dba/detection http://185.94.252.3 185.94.252.3:443 # Reference: https://app.any.run/tasks/a7d83cd5-65f8-45a4-a743-4e743697af4f/ http://42.200.96.63 # Reference: https://app.any.run/tasks/a32c3139-6e65-4009-adf6-9bc8be58f007/ http://177.23.7.151 # Reference: https://app.any.run/tasks/6ae91afa-8e93-4768-bf0e-9719c2f29ba3/ 162.241.140.129:8080 http://69.206.132.149 # Reference: https://pastebin.com/t8DJ96VL 103.3.63.137:8080 184.180.181.202:80 # Reference: https://app.any.run/tasks/e75d2911-c9c6-4c7e-a6a7-d95e2ddf0c0a/ http://208.180.207.205 # Reference: https://app.any.run/tasks/6bc0ba41-3619-40fc-88c1-dc8ef38ee1f8/ http://2.45.176.233 # Reference: https://app.any.run/tasks/130012c7-b13a-49f8-addd-552744b68c8c/ http://221.147.142.214 # Reference: https://app.any.run/tasks/e6d9c6dc-dd3e-478d-958d-f3762df82a7d/ dodungphongtam.com # Reference: https://twitter.com/Marco_Ramilli/status/1318135068049670144 167.114.153.111:8080 # Reference: https://twitter.com/malware_traffic/status/1318710455678926848 91.121.87.90:8080 # Reference: https://www.proofpoint.com/us/blog/threat-insight/geofenced-amazon-japan-credential-phishing-volumes-rival-emotet # Reference: https://otx.alienvault.com/pulse/5f8dd264c6e41e9e60cf67c7 http://182.16.26.194 http://23.133.5.144 http://43.249.30.212 00pozrjbpm.xyz 
enjinchang.cn jiyingkou.cn # Reference: https://twitter.com/VirITeXplorer/status/1320634658833473536 punto-0.org/wp-content/peqlZz/ mahesaku.com/wp-content/AEnN/ 1024db.com/wp-admin/Vf/ roofwellness.com/wp-admin/S0/ nurmarkaz.org/wp-content/LL/ wp83.talentsprint.com/wp-content/d0NpZ7/ campflamingo.org/wp-content/QCTr/ fasthomesolutions.flywheelsites.com/wp-content/9bWnm4P/ # Reference: https://twitter.com/VirITeXplorer/status/1320645299250122752 inbichngoc.com/wp-admin/S/ ulkucusarkilar.com/networko/wN/ rise-creative.com/cgi-bin/K/ celestinastore.com/old/rB/ ferreteriassolano.com/wp-content/x/ aryacreations.com/wp-includes11/tf/ sinapsisenergia.com/customerl/tE/ madrushdigital.com/wp-admin/OJ5Uu5J/ heankan.bio/js/T8oCHm/ jupitermarinesales.com/wp-content/cache/xLWIP/ lovetraveltoday.com/localisationl/0zwJxNkMRK/ unikaryapools.com/wp/JWUG4n/ akdgroup.co.in/jio/8vSciyhM/ ufak2.com/demo/2hhpCYzwTL/ # Reference: https://twitter.com/Cryptolaemus1/status/1320716324453179394 needhelp.gr/wp-includes/Qlpz/ computerjungle.it/wp-content/N/ polaroidamsterdam.nl/wp-admin/IlDz/ vitrinapyme.com/wp-admin/ws9w/ bopetsupplies.com/tui/b2uMLAj/ maturisampietro.ch/wp-admin/VR/ lixko.com/wp-includes/zrEfpj/ si-batangaspremier.org/wp-admin/Q/ # Reference: https://twitter.com/Cryptolaemus1/status/1320751795015221250 ivytheme.com/wp-admin/LyR/ secuado.com/wp-content/plugins/apikey/6/ passionpastry.com/wp-admin/n/ caglayann.com/wp-admin/Xt1/ crechereviver.org/siteunavailable/3/ logistician.org/wp-admin/aGQ/ m-tash.com/wp-includes/9/ # Reference: https://twitter.com/Cryptolaemus1/status/1320754787554627584 alexdepase.coach/wp-admin/Ic4ZVsh/ amiral.ga/wp-content/cUFTze5/ iebf.org.uk/wp-admin/QF/ onlineapps.com.au/wp-includes/ZROO26A9/ gazeindia.com/wp-content/kOCbnAdSdG/ alarmpistool.com/wp-admin/3dk0z92i4/ factum24.pro/cgi-bin/dYNq4D/ # Reference: https://twitter.com/Cryptolaemus1/status/1320784947842568193 360digest.beyondb-school.com/wp-content/07A/ nhatcuong.xyz/wp-content/Szx94QD/ 
braceyourself.us/wp-admin/J/ carl99a.com/cgi-bin/P1IwSg/ seitaiken.net/wp-admin/Qz9B/ arpe-samois.fr/wp-content/eQCw/ fitthemes.com/wordpress-5.3.2/O/ nakanoyoi5.com/wp-admin/GfPlB/ # Reference: https://twitter.com/Cryptolaemus1/status/1320801741408030720 campflamingo.org/wp-content/QCTr/ fasthomesolutions.flywheelsites.com/wp-content/9bWnm4P/ # Reference: https://twitter.com/Cryptolaemus1/status/1320821381106442241 preilurd.com/wp-admin/N/ twistan.com/wp-content/pxj/ beliloba.com/cgi-bin/1t/ jabalmubarak.com/wp-includes/mq/ xxxporn.futbol/wp-includes/vC/ vietnamdigitalmarketing.org/wp-includes/qd/ haule.net/wp-content/JAJ/ # Reference: https://www.virustotal.com/gui/file/143248cab06613908c20d4532e2ea212fa672788ea83cf4cac123499fe56f576/detection 172.86.186.21:8080 177.107.79.214:8080 59.148.253.194:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1320972542270734337 homewatchamelia.com/wp-admin/MQxjrRU/ pottershousedurban.co.za/cgi-bin/109J/ toorak.ie/wp-includes/aT/ theginlibrary.de/wp-includes/ma/ coeurclaudelien.fbcars.net/cgi-bin/tJt0Sqg/ mamac.top/wp-admin/GWQACP/ jwskincare.vn/setupconfigo/pF6g/ 9s2s.com/wp-admin/XKowb/ # Reference: https://twitter.com/Cryptolaemus1/status/1321046903619047424 yourprivatelife.com/wp-admin/sq/ firsattrade.com/wp-content/pI/ ashiq.xyz/wp-content/qX/ aryabhattahighschool.com/wp-includes/C1x/ angelsandfriends.com/wp-includes/d31/ dmccainlaw.com/wp-content/3/ tvcableinternetdeal.com/wp-content/cu/ # Reference: https://twitter.com/Cryptolaemus1/status/1321045770880065536 royalempresshair.com/wp-content/upgrade/Ete/ kbppp.ilmci.com/wp-includes/z/ tiplabor.com/images/Du1/ 0377hhd.com/cgi-bin/q/ sorbonne-capital.com/wp-admin/Jip/ dijitalklinik.com/wp-admin/LYq/ qualitymathtutors.com/wp-content/GfE/ # Reference: https://twitter.com/Cryptolaemus1/status/1320974739733700608 mevaconyeu.vn/forgottenl/lBjZjuaWO/ babyg-vietnam.vn/wp-content/cuBO2E7bE/ wikibricolage.com/wp-admin/R/ innhanmachcm.com/wp-admin/IB32/ 
apyarlovers.com/wp-admin/eAiaD/ pilanjau-berau.desa.id/wp-admin/t/ madivarealty.com/wp-includes/XulnC6a/ # Reference: https://twitter.com/Cryptolaemus1/status/1321054328916975618 noorpurefood.com/wp-content/eyH9I/ amorepooh.com/wp-content/themes/twentyseventeen/G3RZxc/ hatele.net/wp-admin/N/ promaxgh.com/wp-content/uploads/f/ pikama.us/wp-includes/BBW/ shaishavchildrights.org/wp-content/L4bRiZo/ maradrugstore.com/old/n/ lilianaoliveira.com/office-365/m1MRNr/ # Reference: https://twitter.com/Cryptolaemus1/status/1321216463697596416 josejuanarroyo.com/antithetical-bulblet/l/ movie-2free.com/cgi-bin/s/ buckzy.net/wp-admin/zF/ suksiriestate.com/cgi-bin/xjz/ gk725.com/breadbox/mlu/ datawyse.net/Ccl/5W/ ppzo.top/wp-admin/o1/ # Reference: https://twitter.com/Cryptolaemus1/status/1321122347865280513 904y.com/how-to/A6/ acredales.com/thank_you/U0u9Z/ adinterix.com/laybuy-investors/9Ab6/ angiathinh.com/autotoxication/Iue/ bahamianrelief.org/VpHo/ey/ biharbhumibazar.com/wp-admin/D/ bridgestoworkapp.com/wp-content/c1/ car4libya.com/cgi-bin/sDBhPqx/ cidoresearch.com/wp-content/Cb5afhZDr6/ ciucurencutl.ro/wp-admin/WhcybcaN/ daeg.su/wp-content/iYH/ dartzeel.com/wp-content/yf/ datablockssolutions.com/rgit/kd6/ dieteticienne-tiffany.com/wp-includes/rGJaLg5/ dotasarim.com/wp-admin/Dyz/ edirnereklamajansi.com/wp-includes/dN/ fit.develab.mx/wp-admin/sjai4FA/ florumgroups.net/mysite/C0NYBd/ gibraltarsalesgroup.com/public/qdI/ jiehost.com/wp-admin/6ZFh6A/ meshzs.com/wp-includes/E/ mobis-autoloan.com/wp-content/YvqoBse/ mueindustries.com/wp-admin/D/ odmova.pl/retranslate/OqLdry/ ostranderandassociates.com/var/thpY/ pacificfe.com/shadow-health/nQ/ personalizedjigsaws.com/replace_img/qG6D9T/ queensport.nl/accp/dz/ ruiermi.com/wp-admin/jmb/ scw8.net/wp-content/1MkWc/ servitekifix.com/wp-admin/C/ socialplaymedia.com/wp-content/Czj/ stabri-thailand.org/cgi-bin/1GKI/ terasrumahkayu.com/wp-admin/dHeLE/ thietkequangcaothanhhoa.com/phosphoryl/UJwwiQu/ uxnew.com/old/9/ 
weeklyoutfits.com/how-much/zw2z/ yoga.gift/content/nc/ # Reference: https://twitter.com/malware_traffic/status/1321182175916679168 91.121.200.35:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1321406330595401728 nanettecook.org/wp-admin/x/ scalarmonitoring.com/wp-admin/js/widgets/S0A/ fourseasonsjsc.com/wp-admin/hzu9vvt/ ningyangseo.com/wp-admin/am/ rapidcarwash.net/wp-content/nO6U/ coolchacult.com/wp-includes/i/ anpbodysculpting.com/wp-content/themes/twentytwenty/c/ lamajesteindustries.com/wp-content/DRTujMR/ # Reference: https://twitter.com/Cryptolaemus1/status/1321413462229196807 panoramafe.com/slabbing/bBkdFoF96m/ enolil-loo.com/agillawood/CZafm/ 394509.com/biogenesis/ab/ oluwatomiwa.com/mail.oluwatomiwa.com/T/ mansa.com.vn/myographist/zRf6yPRec/ asianprosource.com/verb/rdB6m/ khangnguyen.store/wp-includes/theme-compat/eSIyT/ # Reference: https://twitter.com/Cryptolaemus1/status/1321427295320629248 anizonehealthcare.com/wp-includes/I/ mthealthcare.net/wp-admin/h/ mynesnetwork.com/cgi-bin/Iw/ asahalpha.com/wp-snapshots/tmp/7/ greenlandlion.com/wp-content/zny/ vidamelhor.online/wp-includes/uy/ sobresaude.space/wp-includes/J/ # Reference: https://www.virustotal.com/gui/file/b281c158288b59d60949f1d15c53d7f47e507b2db6e015043d464daaf10f952f/detection http://88.153.35.32 # Reference: https://twitter.com/Cryptolaemus1/status/1321453607758254080 leapmom.com/ukeol/c/ csgcargo.com/wp-content/d/ greenleafnaturalfarms.com/cgi-bin/h/ rucloset.com/gon/4/ pachiba.com/blogs/7/ betsdotbahisgiris.com/cgi-bin/I/ rawmeditations.com/wp-content/r/ # Reference: https://twitter.com/abel1ma/status/1321728085520117762 # Reference: https://app.any.run/tasks/d5fd0b9c-9fff-4953-b886-20b2b711262f/ 152.32.75.74:443 demowebsite6.club/wp-admin/wKm1/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ visionmedia.vn/wp-includes/bjkuZ9LtT/ # Reference: https://twitter.com/Cryptolaemus1/status/1321705613492146176 visionmedia.vn/wp-includes/bjkuZ9LtT/ demowebsite6.club/wp-admin/wKm1/ 
itgallery.com.bd/backup/7/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ airrlist.com/wp-includes/VBG/ ppinds.in/fonts/NnaS2zf/ yadanaraung.com/wp-content/zWNM/ # Reference: https://twitter.com/Cryptolaemus1/status/1321672520391680000 eclatcollection.com/kohler-14resa/YpUuby/ ismlm.xyz/wp-admin/P/ corsiwebonline.it/wp-content/yQqe7/ conclassdigital.com/wp-content/thTgRn/ jtech.com.vn/wp-includes/IhSNuI/ hijoaajakakhabar.com/cgi-bin/cHoz/ magicwandcompany.net/wp-includes/bRVTJyc/ saladrepublic.in/cgi-bin/WmRD/ # Reference: https://twitter.com/Cryptolaemus1/status/1321755092098441216 dishtvweb.com/cgi-bin/xnAWwP/ bindhyabasinitemple.com/wp-includes/f8U8g/ radiolevi.ro/wp-content/vDbB/ kartsms.com/wp/s/ blog.opospalia.eu/wp-admin/k/ paridhiyadav.com/wp-content/hc/ socalvending.com/wp-content/8z/ makkinouz-groupe.com/wp-includes/q/ # Reference: https://twitter.com/Cryptolaemus1/status/1321802724971843584 enjoymylifecheryl.com/wp-includes/FPNxoUiCz3/ homewatchamelia.com/wp-admin/qmK/ seramporemunicipality.org/replacement-vin/Ql4R/ imperfectdream.com/wp-content/xb2csjPW6/ mayxaycafe.net/wp-includes/UxdWFzYQj/ 420extracts.ca/cgi-bin/Ecv/ casinopalacett.com/wp-admin/voZDArg/ # Reference: https://twitter.com/Cryptolaemus1/status/1321778299379634177 innhanmachn.com/wp-admin/sA/ shomalhouse.com/wp-includes/ID3/IDz/ blog.martyrolnick.com/wp-admin/Spq/ frajamomadrid.com/wp-content/g/ pesquisacred.com/vmware-unlocker/daC/ medhempfarm.com/wp-admin/Lb/ ienglishabc.com/cow/2BB/ # Reference: https://twitter.com/Cryptolaemus1/status/1321838206040637440 tinytowntees.com/wp-content/TV/ 0377hhd.com/cgi-bin/ru/ easytigershop.com/wp-includes/css/GxWFH/M/ paisocial.org/wp-includes/X9D/ primecigarettes.com/wp-content/7/ evexiahk.com/wp-content/u2x/ bathroomnerds.com/wp-content/e/ # Reference: https://twitter.com/Cryptolaemus1/status/1321894855019298816 attenstyle.com/wp-admin/pB/ ningyangseo.com/wp-admin/8l/ mrveggy.com/erros/4/ aischoolofindia.com/wp-content/KFn/ 
vitrinapyme.com/wp-content/Jw/ trassierramotor.com/photo-gender/oz2/ codavatar.com/wp-content/MiU/ # Reference: https://twitter.com/Cryptolaemus1/status/1321933654478757901 supportessays.com/wp-admin/iuz/ royalempresshair.com/wp-content/upgrade/Fj/ acredales.com/thank_you/d/ mail.bursaevdenevenakliyat.link/jelab/YSS/ 180clubrealestate.com/wp-includes/0go/ albertoordonez.com/coinpot-faucet/vo8/ techofbeauty.com/cgi-bin/o0/ # Reference: https://twitter.com/Cryptolaemus1/status/1321931581741817859 foryoulady.com/wp-admin/H3Tu5s/ flem-cartoons.fr/wp-includes/Gogzje/ blog.19850120.xyz/wp-admin/VOfoZiU/ capellaevents.com/val-images/mD2zBip/ amirthafoundation.com/wp-admin/0KetV/ busyafnutrition.com.au/wp-admin/A83yfME/ sploong.net/cgi-bin/JsbuL5/ sygnalizujemy.pl/wp-admin/yj/ # Reference: https://twitter.com/Cryptolaemus1/status/1322054843247300608 vidadohomem.com/wp-content/v/ ecobaratocanaria.com/wp-admin/eR/ uxnew.com/old/89i/ tz004.com/ad_files/a0/ removepctrojan.com/wp-admin/b/ mycollegecp.com/content/jA/ legalempowermentindia.com/cgi-bin/Qs/ # Reference: https://unit42.paloaltonetworks.com/domain-parking/ # Reference: https://urlhaus.abuse.ch/url/494116/ valleymedicalandsurgicalclinic.com/ujftb/statement/wr7hoba7i9hz/ # Reference: https://www.virustotal.com/gui/file/66254770f3aa819dbb3dd005d6f8318bc29852bcb0ef77f6a251803dcdbca8ad/detection http://190.162.215.233 http://190.164.104.62 http://201.241.127.190 http://37.179.204.33 107.170.146.252:8080 154.91.33.137:443 173.212.214.235:7080 61.33.119.226:443 72.186.136.247:443 # Reference: https://twitter.com/neutrify/status/1321804354907705344 betsdothizligiris.com/cgi-bin/p8mjDNVlargHA2/ rantega.com/wp-includes/public/yipMhIIK0CJSqJW2LA/ innhanmachn.com/wp-admin/sA/ shomalhouse.com/wp-includes/ID3/IDz/ blog.martyrolnick.com/wp-admin/Spq/ frajamomadrid.com/wp-content/g/ pesquisacred.com/vmware-unlocker/daC/ medhempfarm.com/wp-admin/Lb/ ienglishabc.com/cow/2BB/ # Reference: 
https://paste.cryptolaemus.com/emotet/2020/10/29/emotet-malware-IoCs_10-29-20.html 117.2.139.117:443 2.58.16.89:8080 85.246.78.192:80 129.232.220.11:8080 100.37.240.62:80 73.100.19.104:80 183.176.82.231:80 202.134.4.216:8080 168.197.45.36:80 49.3.224.99:8080 189.34.181.88:80 58.94.58.13:80 190.164.104.62:80 213.52.74.198:80 181.120.29.49:80 134.209.144.106:443 78.90.78.210:80 101.187.81.254:80 109.190.35.249:80 201.171.244.130:80 201.241.127.190:80 77.78.196.173:443 81.215.230.173:443 190.29.166.0:80 2.82.75.215:80 85.105.111.166:80 66.76.12.94:8080 64.207.182.168:8080 209.141.54.221:7080 118.69.11.81:7080 172.86.188.251:8080 200.24.255.23:80 188.226.165.170:8080 109.206.139.119:80 24.133.106.23:80 193.251.77.110:80 51.89.199.141:8080 109.99.146.210:8080 102.182.93.220:80 181.58.181.9:80 62.171.142.179:8080 37.179.145.105:80 172.193.79.237:80 201.71.228.86:80 37.183.81.217:80 159.203.16.11:8080 41.185.28.84:8080 103.13.224.53:80 67.170.250.203:443 5.2.246.108:80 177.130.51.198:80 192.198.91.138:443 186.189.249.2:80 200.59.6.174:80 5.2.164.75:80 74.214.230.200:80 153.204.122.254:80 201.49.239.200:443 202.134.4.211:8080 192.175.111.212:7080 109.116.245.80:80 186.193.229.123:80 188.251.213.180:80 87.230.25.43:8080 60.249.78.226:8080 190.162.215.233:80 50.245.107.73:443 60.108.128.186:80 59.125.219.109:443 188.80.27.54:80 190.64.88.186:443 201.163.74.203:80 80.227.52.78:80 83.103.179.156:80 109.242.153.9:80 61.76.222.210:80 197.221.227.78:80 181.61.182.143:80 115.94.207.99:443 68.115.186.26:80 24.230.141.169:80 173.173.254.105:80 194.190.67.75:80 78.206.229.130:80 178.254.36.182:8080 94.23.62.116:8080 190.45.24.210:80 176.113.52.6:443 217.123.207.149:80 217.20.166.178:7080 5.12.246.155:80 190.180.65.104:80 200.243.153.66:80 2.45.176.233:80 179.222.115.170:80 181.123.6.86:80 119.59.116.21:8080 189.223.16.99:80 95.76.142.243:80 89.121.205.18:80 24.178.90.49:80 190.101.156.139:80 182.208.30.18:443 120.72.18.91:80 138.68.87.218:443 98.103.204.12:443 109.101.137.162:8080 
24.135.69.146:80 187.162.250.23:443 70.39.251.94:8080 202.141.243.254:443 41.76.213.144:8080 190.92.122.226:80 123.142.37.166:80 74.40.205.197:443 189.123.103.233:80 79.118.74.90:80 119.228.75.211:80 172.105.13.66:443 95.9.5.93:80 169.1.39.242:80 88.153.35.32:80 187.193.221.143:80 190.202.229.74:80 186.70.56.94:443 27.114.9.93:80 173.63.222.65:80 110.37.224.243:80 37.179.204.33:80 82.76.52.155:80 103.236.179.162:80 181.59.59.54:80 94.230.70.6:80 # Reference: https://twitter.com/Cryptolaemus1/status/1322103743584833537 kharazmischl.com/w/okz/ help-m2c.eccang.com/pseovck27kr/n/ myfarasan.com/sitepage/z/ chengmikeji.com/dertouqua/Ocm/ enews.enkj.com/wordpress/bd/ ecobaratocanaria.com/wp-admin/ms/ cimsjr.com/hospital/4q/ akoonu.com/wp-admin/public/h3McN3xP5aGtcgjf4/ # Reference: https://twitter.com/Cryptolaemus1/status/1322096259281358848 pipesplumbingltd.com/DB/Yg2rsTn/ annabphotography.co.uk/wp-includes/WdHO/ childselect.com/cgi-bin/BSA/ movie-2free.com/cgi-bin/F/ sachcodoc.net/wp-admin/pOyZDC/ aramisconstruct.ro/wp-admin/Hpbd6/ manweikeji.com/wp-content/X/ farmapleland.com/wp-content/F/ # Reference: https://twitter.com/Cryptolaemus1/status/1322181156377415680 dotasarim.com/wp-admin/AYO/ servitekifix.com/wp-admin/nBJ/ dieteticienne-tiffany.com/wp-includes/p/ moralaree.com/journal/R/ mobis-autoloan.com/wp-content/76/ footballstep.com/cgi-bin/A/ naturalwaterresources.com/wp-content/XjR/ # Reference: https://twitter.com/Cryptolaemus1/status/1322176462150078465 da-industrial.com/js/9IdLP/ daprofesional.com/data4/hWgWjTV/ dagranitegiare.com/wp-admin/tV/ outspokenvisions.com/wp-includes/aWoM/ mobsouk.com/wp-includes/UY30R/ biglaughs.org/smallpotatoes/Y/ ngllogistics.africa/adminer/W3mkB/ # Reference: https://twitter.com/Cryptolaemus1/status/1322249061362208769 inbichngoc.com/wp-admin/K/ angiathinh.com/autotoxication/96F/ meshzs.com/wp-includes/p6/ dartzeel.com/wp-content/jHy/ zhidong.store/wp-content/BDY/ australaqua.com/wp-content/xIt/ nurmarkaz.org/designl/u/ # 
Reference: https://twitter.com/malware_traffic/status/1322292869584035841 # Reference: https://app.any.run/tasks/22ebd2c7-0e8d-4966-885a-e592345cf173/ 45.230.228.36:443 # Reference: https://twitter.com/neutrify/status/1322326661858250752 dotasarim.com/wp-admin/AYO/ servitekifix.com/wp-admin/nBJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1323297480843403264 201.184.105.242:443 74.75.104.224:80 78.125.252.112:80 # Reference: https://twitter.com/Cryptolaemus1/status/1323356134233747461 105.184.126.15:80 154.127.113.242:80 5.2.182.7:80 # Reference: https://www.virustotal.com/gui/file/04fe8553d197a8433ea9c11a17806fefa6b8da562dc8e68aecf5899a433d16c3/detection http://80.227.52.78 167.71.13.58:8080 195.201.128.184:8080 # Reference: https://twitter.com/neutrify/status/1324839425340309504 pipesplumbingltd.com/DB/Yg2rsTn/ annabphotography.co.uk/p-includes/WdHO/ childselect.com/cgi-bin/BSA/ movie-2free.com/cgi-bin/F/ sachcodoc.net/p-admin/pOyZDC/ aramisconstruct.ro/p-admin/Hpbd6/ manweikeji.com/p-content/X/ farmapleland.com/p-content/F/ # Reference: https://www.virustotal.com/gui/file/6e7b92af945eb2de94528ce9dc2e5c2e28af3363f6726c75c2bbfb0f8d2ca2fe/detection 61.142.176.23:30339 1e62p84873.51mypc.cn # Reference: https://www.virustotal.com/gui/file/5167022959e19b004ebe4b82604ffbe83ece55964953c50cd539647a44a3d3b5/detection 83.35.213.87:7080 # Reference: https://twitter.com/JCyberSec_/status/1331933717678460929 hotwell.at # Reference: https://neurosoft.gr/wp-content/uploads/2020/12/Emotet-White-Paper-IOCs.pdf 0377hhd.com/cgi-bin/q/ 0377hhd.com/cgi-bin/ru/ 360www.ca/content/2/ 4pmedia.vn/wp-admin/docs/w7Dp3kbsjwHYVp3xIzjY/ 9c4i.cn/flightsearch/DOC/ZZofE663toMZcR/ aahnaturals.net/wp-includes/TX/ adidasyeezy.store/welph/m/ admvero.com.br/eleicao/EJcX/ africafoodworld.com/wp-admin/WD/ afriwaste.app/wordpress/N7L/ agily.fr/wp-content/INC/HYZgOObWGv0Dd0YS/ agriseason.africa/wp-includes/Juv/ agroproindia.com/cgi-bin/95r09UGlIj/paasologrp.com/parseopmlo/5/ 
aguemiimoveis.com/bond-market/73a/upcloudweb.com/content/a/ airrlist.com/wp-includes/VBG/ akoonu.com/wp-admin/public/h3McN3xP5aGtcgjf4/ allindiacrimepress.com allindiacrimepress.com/blogs/media/AO9/ amerifencewichita.com/indexing/4ZIF1OB9W2GK/Wvw5WKvUFnBFpOpJQG/ amicusdh.org/coaid/0g/ anjia-ceramics.com/aliner-camper/K/ annabphotography.co.uk/p-includes/WdHO/ apidocs.dcdial.com/wp-includes/H/ aramisconstruct.ro/p-admin/Hpbd6/ aryacreations.com/wp-includes11/tf/ avoyrakib.com/wp-admin/28/ avozdecamacari.com/home/000~ROOT~000/dev/shm/E/ bachhoanhale.com/wordpress/I/ bathroomnerds.com/wp-content/e/ bazarkotulpur.com/wp-content/0tu/ beta.zoneberry.com/bysyswexecf/x3/ betsdothizligiris.com/cgi-bin/p8mjDNVlargHA2/ bharatlearningsolutions.com/content/MNd/ bigprint.pictures/cgi-bin/o/ blackstonetutors-onlineportal.com/wp-includes/fm/ blog.martyrolnick.com/wp-admin/Spq/ bloglamtinh.com/wp-admin/N/ bnmintl.com/cgi-bin/Ibu/ bold-c.com/wp-admin/Ac/ bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/ brasilcacambas.com.br/ breedenandsilver.com/wp-content/ix6/ brightcdr.com/wp-content/LNTELiq/ buesink.com/Pics-shower/ScE/ buybacksoft.com/old/5s/ bvlserramenti.net/wp-content/35280569593/kjLpBnrK6kLEgZ3/ calculafacturaluz.com/sys-cache/9W/ cavancart.com/staticmap/WR/ cearacultural.com.br/admin/itkfdUik4/ cefaly.club/themes/lA/ celestinastore.com/old/rB/ charlesze.com/content/z0lGKS/ chavezrob.com/wp-includes/zkd/ chemicalbusiness.com.br/wp-admin/sites/WJAKzmqhFV7fRahBTc/ chengmikeji.com/dertouqua/Ocm/ chengmikeji.com/wp-includes/sk/ chess-pgn.com/win-raid/l6T5/ childselect.com/cgi-bin/BSA/ childselect.com/cgi-bin/a/ childselect.com/cgi-bin/y/ cimsjr.com/hospital/4q/ comercialadvance.com/images/MFXxM5Tg/ converdrive.cl/administrative-assistant/onME1zxPMS/ coolfit.in/wp-content/ivi/ cplt20live.com/wp-includes/ae/ creationskateboards.com/shred/H/ criee-des-saveurs.com/wp-admin/public/STMm3p0jJDUqkWV/ da-industrial.com/js/A4/ daga88.com/reviewl/Tj0Ntc 
dailypharmajobs.com/cgi-bin/CyCdO/ datawyse.net ddazzlediamonds.com/advertisel/m/ demowebsite6.club/wp-admin/wKm1/ dev-tech.eu/demoshop/P0/ dieteticienne-tiffany.com/wp-includes/p/ dietherbsindia.com/assets/k8oo/ dijitalklinik.com/wp-admin/LYq/ divemed-tech.com/will-a/gjzE/ dlhagency.com/cgi-bin/8z/ dmtland.com/wp-admin/4k/ dotasarim.com/wp-admin/AYO/servitekifix.com/wp-admin/nBJ/ drwalidabdelgaffar.com/dentalia/lL/ duberysunglass.com/img/A/ e-machine.com.br/mailer/BjCInTq6b/ easytigershop.com/wp-includes/css/GxWFH/M/ ecobaratocanaria.com/wp-admin/eR/ ecobaratocanaria.com/wp-admin/ms/ ecommarket.xyz/uptown/LSm7vXy0v/ econews.treegle.org econews.treegle.org/how-to/2V/ edgeclothingmcr.com/indexing/c9/ eldahwa.com/9th-grade/F2Kw/ electronicsvibes.com/wp-includes/4N/ emmanuelmonastery.org/wp-admin/d/ emroozmarket.com/wp-content/2y/ enews.enkj.com/wordpress/bd/ engineering-2s.com/SS_Paypal/X/ englishmatters.hk/wp-admin/hDcXxqmeD8/ envirohubconsulting.co.za/cgi-bin/vI5/ eos-promo.com/hk-sgp/Tg4/ equipamentosmix.com/10/Bjky/ esse-outdoor.com/wp-admin/G6EJGCZE7MV/nHfGSKQ46euUGl/ events.medialogic.cloud/blazor-preventdefault/r8W/ evexiahk.com/wp-content/u2x/ evisualsoft-001-site3.atempurl.com/wp-content/C7/ exploreneuro.com/ps4-controller/w/ farmapleland.com/p-content/F/ ferreteriassolano.com/wp-content/x/ financiamentointeligente.com/wp-content/Fj/ finkarma.in/wp-admin/parts_service/VAdFw9JJj4DcC85StkyL/ florinconsultancy.com/wp-content/1/ footballstep.com/cgi-bin/A/ forsalebyowner247.com/wp-includes/8m/ fortunelabels.com/test/SZ/ foulgerteam.com/foulgerteam.com/i/ frajamomadrid.com/wp-content/g/ genyomalhas.com.br geosrt.com/atrabiliary/yfH/ giacimenti.wine givingthanksdaily.com/5Q/ goldenyemen.com/wp-admin/INC/RUoRW1W0oDKQg/ gordon-and-son.com/wp-includes/n/ grandages.org.my/office/y6Uz/ greensync.com.br gtech.thngo58.com/wp-includes/9zo/ gymmuscle.tk/wp-content/U8j1Bkh/ habiganjjournal.com/wp-content/TUQB/ hashilife.com/sitepage/GY/ help-m2c.eccang.com/pseovck27kr/n/ 
hodmunha.info/wp-includes/Ce/ homeabortionpillsrx.com/ext/N6SKd/ hoobiq.com/cgi-bin/Xyv/ hostimpel.com/js/q/ hottco.com/stats/lX/ housetutor.wasseela.com housetutor.wasseela.com/x2ekf/sWv/ housetutor.wasseela.com/x2ekf/tMR/ hrinternationalbd.com/selectar/h/ humanresourceslifeline.com/wp-content/Documentation/jMe4PpvS9x4QO8N6a1/ huwo.xyz/message/u/ icilimoges.com/wp-includes/Ym/ ictmisericordia.org/cgi-bin/c/ iei7.com/wp-admin/5ShKLn/ ienglishabc.com/cow/2BB/ imenbartariran.com/wp-admin/CZ/ inbichngoc.com/wp-admin/S/ infoquick.co.uk/business_card/RANADek/ inmobiliariaconfiaviv.com/wp-content/eTrac/BadR1jgkpBK/ innhanmachn.com/wp-admin/sA/ innhanmacquanaogiare.com/wp-includes/Jh1/ innoovation.com/blogs/sOKc4/ inspira-psicologia.com/css/F/ invaluablearts.com/6sn1f/t/mycollegecp.com/content/kRL/ inventorelectronica.com/wp-admin/M/ iq51.com/wp-admin/tBO/ isupportthecause.org/wp-includes/sbCBUzN/ itaalabama.org/wp-admin/LLC/433O2ew51Qg/ itgallery.com.bd/backup/7/ jespersen.org/carter/J/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ jorgecoronel.com/webmaster/kYH/ kailaasa.ca/wp-admin/zeJssVj/ kbppp.ilmci.com/wp-includes/z/ kharazmischl.com/w/okz/ khudanculongdien.vn/wp-admin/HB/ kianyadak.com kianyadak.com/ik/M/ krais.co.il/wp-admin/b/ ladsbarbearia.com/wp-content/PI/ launch.tactikafacewear.com/wp-content/Uk/ legalempowermentindia.com/cgi-bin/Qs/ libidgel.edtsantos.com/attachments/tovx4Z21Z0vnneKNz/ lifegear.store/wp-admin/RsMLwQ/ lingbaojuan.com/cache/TSkvly/ lsmanga.com/migration/FaU/ luofox.com lylydressforless.com/wp-admin/ffV/99fabrics.com/wp-content/dGq/ mahfuzur32785.com/identify-the/IM/ mail.cozyreview.com/ mail.cozyreview.com/Ko8/econews.treegle.org/how-to/v/ mail.maxjalost.de/ogretmenevi/parts_service/atv5vHbwJLs/ mallowsvirtualcreatives.com/llfdsofdsfss/51C/ manweikeji.com/p-content/X/ mauriciosinjuicio.com/zoom-meeting/r/ mea.kaisariani.gr/tmp/eTrac/Wrinfk9rgr/ medhempfarm.com/wp-admin/Lb/ meeak.com/wp-admin/lcJ/ 
mentoringcue.com/cgi-bin/wRA/ methilinfotech.com/maliga/th/ michaelandrewsbakery.com/wp-admin/M/ mithraa.co/nMT/ mobis-autoloan.com/wp-content/76/ mohamedfouad84.cf/wp-admin/esp/6F6ZbRmOSh3Y/ mohamedsayed.com/wp-admin/Zt/ monicasharma.info/reviewl/i/ moralaree.com/journal/R/ movie-2free.com/cgi-bin/F/ movie-2free.com/cgi-bin/d/ mrveggy.com/erros/PO/ mycollegecp.com/content/jA/ myfarasan.com/sitepage/z/ mymathlabhomework.com/wp-content/o/ myseedology.com/cgi-bin/7GzFsT/ naturalwaterresources.com/wp-content/XjR/ novaworlds-muine.com/khudothiaquacity.com/a/ nucleokardecistalace.org.br/wp-includes/nHEnWi/ nursesweekparty.com/wp-includes/bQR/ nxyykj.com/wp-includes/public/fsjkKDRASoYBv/ olimpiadasolidaria.com/wp-snapshots/BM7ftDR7a/ onepalate.biz/wp-content_bak/Bc/ online2u.biz/ogretmenevi/4Yj/ onlinedatabasesolutions.com/cgi-bin/Documentation/nn7GTEoQPlnkrDJOVDgq/ optimisticdeals.com/wp-content/S/ ortodonciatafur.com/cgi-bin/Ntl3kiFM/ p4uclasses.com/wp-content/G/ paganwitch.com/wp-admin/0pd/ paikapua.com/a0brac3/Y/ paisocial.org/wp-includes/X9D/ pandebaik.com/_vti_bin/Y/ pearlcomputers.com.pk/bitcoin-apk/37qD0b/ personaltrainersindia.com/fonts/Q55X/ peruvianmister.com/wp-admin/browse/xHOyYgbYmWzNrIW2/ pesquisacred.com/vmware-unlocker/daC/ pgiso.com/wp-admin/mCQ/ pipesplumbingltd.com/DB/Yg2rsTn/ plakatjogja.com/wp-content/X/ poppylon.com/wp-admin/E22zho/ portal.digitalcompass.com/Styles/deeB/ portesobertes.proven.cat/wp-content/Overview/Ql24rtGdmlwBBY7I/ ppinds.in/fonts/NnaS2zf/ prabhatcycles.com/prabhatcycles/U1i7/ primecigarettes.com/wp-content/7/ prospershow.com/wp-content/I/ pxid360.com/wp-admin/PN/ qualitymathtutors.com/wp-content/GfE/ quicktowtowing.com/wp-content/mu-plugins/uMM/ raissamaison.com/wp-includes/EENf/ rantega.com/wp-includes/public/yipMhIIK0CJSqJW2LA/ removepctrojan.com/wp-admin/6/ removepctrojan.com/wp-admin/b/ riandutra.com/img/YX1/ right2liferx.com/admin/AcgEH/ rise-creative.com/cgi-bin/K/ rossie.in/wp/6L0U/ 
rovonize.com/email.rovonize.com.rovonize.com/M/ royalempresshair.com/wp-content/upgrade/Ete/ royalnight.in/wp/lEA2gXXBj/ rtjandxly.online/wp-content/kir/ rylh.vip/abeka-9th/d9/ sachcodoc.net/p-admin/pOyZDC/ safeabortionrx.com/ext/XII/ sanayate.com/wp-includes/hd/ sff3d.com/3d/xk/ sheriaspace.com/wp-admin/R/ shomalhouse.com/wp-includes/ID3/IDz/ shraddhacarrentalindore.com/wp-includes/M/ sinapsisenergia.com/customerl/tE/ singohotel.com/dashboardl/q/ sistaqui.com/wp-content/l2/ skysatservices.co.uk/cgi-bin/parts_service/O8xj3TSqVNo6OVs/ sorbonne-capital.com/wp-admin/G/ sorbonne-capital.com/wp-admin/Jip/ souryumon-alive.net souryumon-alive.net/VL/ speedypush.com/wp-includes/6/ statusquobrand.com/1/HS/ studyguidewithlakshmi.com/directory/v982c9VH5c/ supplementhouse.net/ swiftlogisticseg.com/wp-admin/jiX/ syracusecoffee.com/customer/jf/ tanger-soft.com/does-leaving/Kig/ tasagodigital.com/sitepage/iEK/ tatilburdur.com/scutum/KV/ tesson.in/tesson/Pages/OiqPrYbxxPz/ thepremiumplace.com/wp-content/5/ thestudio-ct.co.uk/events/P3/ thetechieforu.com/wp-includes/2/ theusacommunity.com/wp-content/WH/ tigerstormtraffic.com/wp-includes/h23/ tiktokvapes.com/wp-admin/xL/ timsonntag.com/cgi-bin/g/ tinytowntees.com/wp-content/TV/ tiplabor.com/images/Du1/ titanfurniture.store/wp-admin/paclm/vU6iaHwTjD/ treeremovalnerds.com/wp-content/7n5ut/ trungtamgioithieuvieclamdongnai.com/submit_form/sFO/ trungtammtc.com/wp-admin/LP/ twogirlscleaning.com/openbayl/KaI/ tz004.com/ad_files/a0/ udaysolopiano.com/wp-content/J/ ulkucusarkilar.com/networko/wN/ usasnet.com/forgottenl/gkT/ uxnew.com/old/89i/ vat201.com/calculator/itQ/ vidadohomem.com/wp-content/Eu/ vidadohomem.com/wp-content/v/ vikinggg.com/hydrolysis-of/bY/ virtual-event-service.com/assets/tW/ visionmedia.vn/wp-includes/bjkuZ9LtT/ vnadevelopers.com/wp-admin/BF/ vuatritue.com/wp-admin/Ux/ weapontoys.com/wp-content/Ok/ webgisjambi.com/wp-content/uploads/V5a/ widewebit.com/wp-admin/DOC/uDEzzms8hT/ wodsuit.com/ram-aisin/7r9/ 
yadanaraung.com/wp-content/zWNM/ yogeejee.com/wp-includes/b/ zagoradesertcamp.com/templates/u/ zero-finance.com/wp-content/6sa/ ziaonlinetutor.com/wp-content/a/ # Reference: https://twitter.com/VirITeXplorer/status/1340965185952092160 # Reference: https://twitter.com/Cryptolaemus1/status/1341014410119303168 # Reference: https://twitter.com/bomccss/status/1340967391602216960 # Reference: https://twitter.com/reecdeep/status/1340984037402419202 # Reference: https://twitter.com/bomccss/status/1341000147115786242 # Reference: https://twitter.com/Cryptolaemus1/status/1341093468991610881 # Reference: https://pastebin.com/sBJkarSY # Reference: https://app.any.run/tasks/94605ec6-f1cc-4fcb-8089-411f2e4bc12a/ accordiblehr.com/wp-admin/HdzyEn/ aeropilates.cl/wp-content/Service/ aktuel.marduk.kim/dooxi-fuel-hf09b/Logs/ alshuwail.com/cgi-bin/5/ amartaka.net/az-artifacts-kqlgo/I/ aramisconstruct.ro/wp-admin/uX/ ardenneweb.com/765779o900/re/ assecon.com.br/novoassecon/diagnostics/ azraktours.com/wp-content/NWF9jC/ bekape.co.id/_notes/SIGNUP/ biglaughs.org/smallpotatoes/rRwRzc/ blog.vishou.net/admin/font/ braam.com.br/c/oaA7YWWX/ brand360.vn/bljgz/93U/ cearacultural.com.br/admin/Sys/ cheetahridge.mediadevstaging.com/c/B/ comunicacaovertical.com.br/agencia/MtX/ countsquare.com/standardservices/mnR4/ elemsindikat.com.mk/shadow-vip-2pxdt/Pyh/ enableinfosolutions.com/old/q2V/ fi.bonitastores.com/n/WUGoZ/ friendsofchrist10.com/streamlabs-obs-rarso/SIGNUP/ genzmag.com/ratings/VQ8n/ goldcoastoffice365.com/temp/X/ goldilockstraining.com/wp-includes/bftt/ guojiazui.com/b/y0QnnWbk/ heaventoearth.com/360views/xu/ helionspharmaceutical.com/wp-admin/oXJB/ infosisconsultancy.com/wp-includes/d60/ iog.com.cn/css/Sys/ jarodcharity.org/wp-includes/9ocR/ jeffdahlke.com/css/bg4n3/ josegene.com/theme/gU8/ jpkiselavoda.mk/advertising/Pl1SS/ ko-racingshop.com/account-eu/Y6W/ lixko.com/wp-includes/VGX/ mateusz1infa.5v.pl/titan-structures-dotzt/Rl555/ megasolucoesti.com/R9KDq0O8w/Microsoft.NET/ 
mobgroup.com.br/wp-content/font/ mrveggy.com/erros/s0/ musickidsprogram.com/wp-includes/2huOL/ nguyenphuchn.com/wp-content/iN/ norailya.com/vendor/1j/ palladium.tdmcdev.co.za/nsw-gold-h4ld3/2d/ parakkunnathtemple.com/bckup/7SDAvi/ paulscomputing.com/CraigsMagicSquare/H/ pellesbar.co.il/wp-content/microsoft/ phasdesign.com/wordpress/MSInfo/ pos-egypt.com/wp-content/xTr/ preparateparaloquevenga.com/predisi-tgl-jlpml/jjvCL/ qualcommmedia.com/wp-includes-old/m4/ resuco.net/wp-content/uploads/2020/12/S0K/ riandutra.com/img/dRWJ5aN5/ schooldz.co/wp-content/v/ siamimplement.co.th/images/System32/ snjwellers.com/wp-includes/esttW/ swallow.tdmcdev.co.za/accident-on-wh7ag/x/ talkischeap.co.za/4-pin-iscru/t7k/ themesgiant.net/wp-content/microsoft/ themoviebazar.com/2007-bmw/Help/ thoitrangtrungnienkim.vn/wife-AND/Help/ unikaryapools.com/wp/Speech/ vilajansen.com.br/loja_old_1/System32/ vod.vishou.net/data/6hCNth/ whytech.info/wp-includes/HceUxFK/ zebaorganics.com/wp-admin/en-US/ # Reference: https://neurosoft.gr/wp-content/uploads/2020/12/Emotet-White-Paper-IOCs.pdf # Reference: https://www.virustotal.com/gui/file/00dadb7eb648bbfff26bb4f0fbf97e0d27ff857ede9ac43d90173fd98f0e6860/detection http://118.110.236.121 http://149.202.5.139 115.165.3.213:80 123.216.134.52:80 89.2.145.86:80 186.32.90.103:443 27.73.70.219:8080 104.131.103.128:443 85.96.199.93:80 147.91.184.91:80 70.116.143.84:80 118.2.218.1:80 66.65.136.14:80 97.107.135.148:8080 181.126.74.180:80 174.102.48.180:80 153.220.182.49:80 115.135.158.13:80 24.249.135.121:80 180.23.53.200:80 2.84.135.163:80 179.15.102.2:80 41.40.125.237:443 65.111.120.223:80 85.25.207.108:8080 105.185.152.15:80 38.18.235.242:80 51.254.140.91:7080 209.143.35.232:80 85.75.49.113:80 116.202.23.3:8080 94.96.60.191:80 194.166.147.143:80 186.222.250.115:8080 2.85.9.41:8080 187.207.207.16:80 191.97.154.2:80 91.83.93.99:7080 209.54.13.14:80 181.56.32.36:80 186.20.52.237:80 164.160.45.41:8080 14.241.182.160:80 61.118.67.173:80 5.189.168.53:8080 
94.49.254.194:80 2.84.12.98:80 51.75.163.68:7080 189.194.58.119:80 221.147.142.214:80 85.59.136.180:8080 67.241.24.163:8080 200.116.93.61:80 70.180.43.7:80 72.10.36.104:8080 64.183.73.122:80 94.102.209.63:7080 93.151.186.85:80 201.213.156.176:80 24.232.36.99:80 2.58.16.85:7080 91.213.106.100:8080 181.169.235.7:80 223.135.30.189:80 186.109.152.201:80 181.80.129.181:80 109.190.249.106:80 188.40.170.197:80 181.114.114.203:80 181.126.54.234:80 78.101.224.151:80 195.7.12.8:80 169.1.211.133:80 202.4.57.96:80 86.123.55.0:80 182.176.95.147:80 85.214.28.226:8080 41.106.96.12:80 76.121.199.225:80 220.106.127.191:443 104.251.33.179:80 173.212.197.71:8080 82.78.179.117:443 109.169.12.78:80 202.4.58.197:80 82.163.245.38:80 192.187.99.90:8080 209.126.6.222:8080 192.158.216.73:80 178.128.14.92:8080 62.108.54.22:8080 38.111.46.46:8080 67.10.155.92:80 24.135.198.218:80 189.35.44.221:80 5.9.227.244:8080 159.203.116.47:8080 153.92.4.96:8080 190.212.133.239:443 92.23.34.86:80 155.186.9.160:80 60.108.144.104:443 66.228.49.173:8080 46.22.116.163:7080 51.75.33.122:80 105.213.67.88:80 75.188.96.231:80 185.33.0.233:80 197.245.25.228:80 173.68.199.157:80 197.249.6.179:443 187.49.206.134:80 97.104.107.190:80 212.198.71.39:80 181.74.0.251:80 76.171.227.238:80 81.129.198.57:80 179.191.239.255:80 190.117.79.209:80 98.174.164.72:80 187.64.128.197:80 178.238.232.46:443 94.206.45.18:80 175.143.12.123:8080 173.249.6.108:443 105.186.233.33:80 118.110.236.121:8080 202.5.47.71:80 180.21.3.52:80 203.205.28.68:80 199.101.86.142:8080 74.219.172.26:80 108.26.231.214:80 219.75.128.166:80 67.163.161.107:80 89.186.91.200:443 5.196.108.185:8080 99.224.14.125:80 202.22.141.45:80 27.7.14.122:80 45.33.35.74:8080 208.180.207.205:80 153.164.70.236:80 101.50.232.218:80 178.87.171.199:80 80.87.201.221:7080 104.131.92.244:8080 195.181.215.65:4143 185.63.32.149:80 95.85.151.205:80 111.89.241.139:80 153.163.83.106:80 185.232.182.218:80 73.84.105.76:80 1.54.67.22:80 118.7.227.42:443 96.126.101.6:8080 51.38.50.144:8080 
145.236.8.174:80 188.166.25.84:8080 76.168.54.203:80 118.70.15.19:8080 213.181.91.224:80 123.51.47.18:80 119.106.216.84:80 72.249.144.95:8080 2.36.95.106:80 116.125.120.88:443 176.9.93.82:7080 5.153.250.14:8080 93.20.157.143:80 87.98.218.33:7080 104.193.103.61:80 92.24.51.238:80 182.187.139.200:8080 94.124.59.22:8080 149.202.5.139:443 190.151.5.131:443 rueckert-online.de/cgi-bin/Krh7nr1978/ rupertstreet.de/Heidis-Ex/attach/vCFSakPHq/ samatechnics.com/_scripts/DWxipw/ sauerbeck.net/cgi-bin/MWROisGUDpB/ schaefer-frank.de/cgi-bin/cbj5rnqm65zm8312/ schaidl.de/bilder/kc1rs474657/ /bilder/kc1rs474657/ /cgi-bin/cbj5rnqm65zm8312/ /cgi-bin/Krh7nr1978/ /cgi-bin/MWROisGUDpB/ /Heidis-Ex/attach/vCFSakPHq/ /_scripts/DWxipw/ # Reference: https://pastebin.com/raw/Di0gDrDC 74.128.121.17:80 190.114.254.163:8080 81.213.175.132:80 113.163.216.135:80 58.1.242.115:80 200.111.198.76:80 103.229.72.197:8080 181.165.68.127:80 79.118.72.250:80 195.159.28.244:8080 45.230.45.171:443 37.247.101.241:8080 45.4.32.50:80 190.147.84.191:443 172.245.248.239:8080 27.78.27.110:443 168.121.4.238:80 110.145.11.73:80 5.2.212.254:80 80.15.100.37:80 24.69.65.8:8080 172.125.40.123:80 191.223.36.170:80 72.188.173.74:80 177.254.134.180:80 69.159.11.38:443 136.244.110.184:8080 185.201.9.197:8080 178.62.254.156:8080 186.222.53.247:8080 163.53.204.180:443 47.144.21.37:80 50.246.154.69:80 208.74.26.234:80 180.232.111.30:80 152.170.205.73:80 192.232.229.53:4143 161.0.153.60:80 111.67.12.222:8080 201.127.11.90:8080 188.225.32.231:7080 93.148.247.169:80 108.21.72.56:443 45.184.103.73:80 181.171.209.241:443 70.32.89.105:8080 203.160.167.243:80 1.234.65.61:80 110.39.160.38:443 177.85.167.10:80 115.79.119.206:443 190.146.92.48:80 202.79.24.136:443 144.217.7.207:7080 190.251.216.100:80 51.89.36.180:443 172.104.46.84:8080 110.39.162.2:443 189.191.59.232:443 190.18.184.113:80 122.201.23.45:443 186.146.13.184:443 182.73.7.59:8080 186.146.229.172:80 24.245.65.66:80 # Reference: 
https://app.any.run/tasks/1a576ee4-6e2c-4bda-abd2-f240731f6066/ 45.33.54.74:443 209.141.41.136:8080 104.236.246.93:8080 # Reference: https://app.any.run/tasks/4c47eb6e-9649-41a2-a405-4cd10a4a25dc/ http://197.87.160.216 laserhuayna.com # Reference: https://www.virustotal.com/gui/file/551910c092733b7324c377351583667a6389e76f8e36f1ee73c82d354f970cbc/detection 50.116.111.59:8080 countsquare.com/standardservices/mnR4/ infosisconsultancy.com/wp-includes/d60/ jpkiselavoda.mk/advertising/Pl1SS/ ko-racingshop.com/account-eu/Y6W/ yourdrugsassist.com # Reference: https://twitter.com/Cryptolaemus1/status/1341364879782010883 aciparis.com/content/Cs/ alsaudiacuttingmaster.com/anticalculous/LA/ alshuwail.com/cgi-bin/5/ amyzeng.net/content/mgms/ anjumanclick.com/q/kvM/ aramisconstruct.ro/wp-admin/uX/ atom.lk/wp-content/DL/ bellevueairductcleaning.com/wp-admin/zK/ bienhoacitysq.com/wp-content/xYp/ brand360.vn/bljgz/93U/ dagranitegiare.com/wp-admin/jCH/ datnenduanbd.com/public_html/Dezl7/ dive-hoian.com/_file-manager/sO/ drakoranime.com/wp-admin/rN/ dreamwithdell.com/wp-includes/pX/ duocnhanhoa.com/wp-admin/J5JbVEY/ dupuisacademy.com/projects/media/v/ ecomdemo2.ogsdev.net/wp-content/zWWB/ expeditionquest.com/X/ football-eg.com/web_map/n/ game.vlexor.com/links14/WUSs/ geoffoglemusic.com/wp-admin/x/ greaudstudio.com/docs/FGn/ hbprivileged.com/cgi-bin/kcggF/ imkol.hk/photo_search/3kc/ johnhaydenwrites.com/track_url/P/ koreankidsedu.com/wp-content/2cQTh/ lavenderkart.com/blogs/nZP5c/ legion.com.pk/__MACOSX/pT3h/ localaffordableroofer.com/ralphs-receipt-f2uhf/qTT5DC/ luxuryavenew.com/wp-admin/RIl1/ mundoahorronline.com/wordpress/2S1/ nahlasolimandesigns.com/nahla3/d/ penambahberatbadan.info/r/pXPKwJ/ pinkista.net/wp-includes/B/ pox23.io/wp-content/I/ sageartisan.com/wp-content/1KsvR/ sancydubai.com/setupconfigo/R9/ sanolifescence.com/cgi-bin/E/ suriagrofresh.com/serevers/MVDjI/ talktalkenglish.vn/database/v/ thaithienson.net/wp-admin/EksZXO/ thienloc.org/data-sgp-kgfig/AaK/ 
venuspowerbd.com/wp-includes/bLm/ vietnhabienhoa.com/wordpress/QUTy/ wellnursesmartnurse.co.za/wp-admin/HFdox/ yellomosquito.com/wp-includes/w/ zenithcampus.com/l/yQ/ zhongshixingchuang.com/wp-admin/OTm/ # Reference: https://www.virustotal.com/gui/file/07954a3e04bf45308251fa489e56c8b119621131ec4617553fc17ae1e98e051b/detection 4kbutsho.xyz chiangmainightsafari.com/wp-admin/lrPiggcI/ freeresellerserver.com jiohosting.xyz # Reference: https://www.virustotal.com/gui/file/dc3f7f19ed2df8acaa0e1a78da4a9a796e88eed1ee2528983c4327eeeed3a619/behavior inter-mvietnam.com/wp-content/nxcrv2/ qa-home.com/dlkc3/f0x0011/ # Reference: https://twitter.com/Cryptolaemus1/status/1343627325607469057 # Reference: https://twitter.com/Cryptolaemus1/status/1343660665140084744 # Reference: https://twitter.com/Cryptolaemus1/status/1343665050423353345 # Reference: https://twitter.com/Cryptolaemus1/status/1343678997339766784 # Reference: https://twitter.com/Cryptolaemus1/status/1343697973176389633 # Reference: https://twitter.com/Cryptolaemus1/status/1343822792505102336 # Reference: https://twitter.com/Cryptolaemus1/status/1343845723348021249 http://206.189.146.42/wp-admin/F0xAutoConfig/XR9/ aaskuu.com/ALFA_DATA/97Z/ alabamaballdrop.com/wp-includes/kef1U/ alsaudiacuttingmaster.com/afterpiece/cH/ andeanreach.com//MSInfo/ batdongsanvip.com.vn/wp-content/jHkl/ beidou.run/Acoemeti/VGX/ bharattimeslive.com/wp-content/Jm2pO/ cashyinvestment.org/wp-content/IH/ coastlinepoolspa.com/wp-content/S88uK/ codsambal.com/wp-admin/6NEEEtf/ dr-yasser.com/wordpress/JNS/ dupuisacademy.com/projects/media/Me6bB/ gacetaeditorial.com/p/TYkn/ gjorgji.com/1v1lol-unblocked/JRuP/ harmonimedia.com/wp-content/uploads/Zol/ helionspharmaceutical.com/wp-admin/Yg/ hmhaliyikama.com/site_map/SpeechEngines/ kolerkar.com/wp-snapshots/aRfdr7HT1/ lainiotisllc.com/postauth/7XhB/ lnfch.com/wp-includes/quC/ memoria.od.ua/wp-admin/GbLB2/ modernortodonti.com/thankyou1/QE5y6jiy/ mumglobal.com/content/Z/ 
nahlasolimandesigns.com/wp-admin/0HHK7/ ncap.lbatechnologies.com/media/6iQ/ norailya.com/drupal/Stationery/ onevoice.co.in/best-selling-wcc/d3/ paroissesaintabraham.com/wp-admin/H/ penambahberatbadan.info/x/inf/ phasdesign.com/wordpress/G/ praticideas.net/wp-content/inf/ qualcommmedia.com/wp-includes-old/rW1/ savedahorses.org/wp-content/xH/ scope-sci.org/kahoot-bot-tj6t0/22/ secretmassageclub.co.uk/wp-includes/inf/ sevensteel.com.tr/wp-content/syi4964/ siitav.net/cuim/data/2/ sistempark.net/wp-includes/7AP/ theo.digital/wp-admin/E/ tillmoon.lt/wp-includes/P/ tools.apecsoft.asia/application/O/ tudatosmarketing.hu/wp-includes/EWiggLh/ turbo-services.com/C:/hE1eMB/ worldcologistics.co.za/wp-includes/BVO1P/ xiaowo.ltd/wp-content/g/ # Reference: https://twitter.com/malware_traffic/status/1343630789683118081 190.210.246.253:80 46.101.230.194:443 karsonhomecare.com/wp-includes/Yo/ # Reference: https://twitter.com/Cryptolaemus1/status/1344007302014238720 freejobalertcom.xyz/wp-admin/858/ jarininternational.com/wp-includes/k8buV/ juju.jebcom.de/errordocs/I0K/ lapcare.com/wp-content/o2BwO/ multitools.gr/wp-content/zo/ sinclair-electrical.com/wp-includes/LmhG/ vissermalin.com/wp-content/vQ5/ # Reference: https://twitter.com/Cryptolaemus1/status/1344007302014238720 achutamanasa.com/garmin-pro-fei8o/mW/ fmcav.com/images/7FV4Nd/ geoffoglemusic.com/wp-admin/7C11oAC/ geosrt.com/aqqhwdap/l0/ johnloveskim.com/a/Tff/ removepctrojan.com/wp-admin/ak0chH/ theprajinshee.com/otherfiles/wAFP/ # Reference: https://twitter.com/Cryptolaemus1/status/1343954297512468482 alrlawsv.com/explain-functions-kuubxdu/4LAy/ arefhasan.com/wp-admin/z/ bidwincash.com/wp-admin/8NUY/ messenger-courier.com/content/Service/ psishops.com/wp-admin/MSInfo/ redmanns-way.com/jeff-intervention-txqikkf/Engines/ # Reference: https://twitter.com/Cryptolaemus1/status/1343972777041272833 91damimi.com/wp-admin/V/ athenaat.com/content/MSInfo/ fraud.bpcbankingtech.com/wp-content/Logs/ nichimanabi.com/wp-content/en-US/ 
shop.schlachtstall.de/wp-content/microsoft/ sturing.info/thumbnails/Engines/ # Reference: https://twitter.com/Cryptolaemus1/status/1343911941140606977 cahyaproperty.bbtbatam.com/mhD/ coshou.com/wp-admin/EM/ depannage-vehicule-maroc.com/wp-admin/c/ dieuhoaxanh.vn/wp-admin/a/ familylifetruth.com/cgi-bin/PPq7/ techworldo.com/cgi-bin/gcZ/ todoensaludips.com/wp-includes/9/ # Reference: https://twitter.com/Cryptolaemus1/status/1344019961803628545 dynamicsteels.com/can-you-lpy7p/MaJIcT/ lixko.com/wp-includes/LEq9VJd/ members.nlbformula.com/cgi-bin/vazlwkU/ srishtiherbs.com/jms/bq8/ surfboarddigital.com/carol-stream-i7lsj/8e/ unikaryapools.com/wp/ysFiRq1 zhongshixingchuang.com/wp-admin/N2X3/ # Reference: https://twitter.com/Cryptolaemus1/status/1344025733874782208 adnlight.com/v/Q/ nicoblogroms.com/wp-includes/IZj/ shortnr.xyz/wp-content/zBgK/ taylordbackups.com/wp-includes/Dfp/ thexanhmy.com/chCounter/t/ valenciancountry.com/wp-includes/kppS/ vicharemasala.com/wp-admin/1pXep/ # Reference: https://twitter.com/Cryptolaemus1/status/1344032119996248064 fundglobally.org/googleLib/7on/ heartssetfree.org/9c950e/tw/ kiralikbahissitesii.com/wp-admin/A/ mt4-ea.vip/sys-cache/bAAN/ paulscomputing.com/CraigsMagicSquare/csrJgJZ/ talentztech.com/histioid/X3/ tecshop.website/wp-includes/kZK/ # Reference: https://twitter.com/Cryptolaemus1/status/1344034210823208962 amarguwahati.com/wp-includes/bx7PZR/ dorotheesausset.com/wp-content/Sys/ events.ileafconnects.com/cgi-bin/System_32/ looksociety.org/membership-mail/bb0EIUyTb/ muahangvietmy.com/wp-admin/css/colors/light/Help/ thedesirelife.com/wp-content/Microsoft.NET/ # Reference: https://twitter.com/SecSome/status/1344041101871755276 # Reference: https://app.any.run/tasks/c67ce985-eaae-41d9-9a4c-4af5cfe12906/ http://191.112.178.60 http://24.231.88.85 ongpassoapasso.com.br/r/1IYaxeIKDTISrYMpRRWckdwE7/ # Reference: https://twitter.com/Cryptolaemus1/status/1344182362486222848 appliancebuddy.in/wp-includes/m7R/ rogerbaulenas.com/j/Z96X/ 
rossdom32.ru/t/wSF/ sasksseed.mymonolith.com/wp-admin/xb/ taradhuay.com/c/4/ thetradepad.co.uk/test/w/ vidular.es/wp-content/K3zbi/ # Reference: https://twitter.com/Cryptolaemus1/status/1344190890898821121 atprofessional.org/wp-content/O6Vey/ iut-bethune.univ-artois.fr/benefits-of-hhnzoet/T/ mypostletter.com/wp-admin/G3/ skyeconsultoria.com.br/wp-admin/co/ talentvalue.com/wp-admin/DEoUM/ trueapparels.com/a/4k/ xportfreight.com/wp-content/c/ # Reference: https://twitter.com/Cryptolaemus1/status/1344200712851509248 astrologiaexistencial.com/l/L/ bandarabbad.com/wp-admin/Lo5kEa/ bereketsutesisatcisi.com/wp-content/xhGs43c/ myphamjapan.com/dup-installer/db/ ngrehab.biz/wp-includes/TCWeeN/ sahla-ad.com/wp-content/a/ swiftlogisticseg.com/wp-admin/VE9h0jj/ # Reference: https://twitter.com/Cryptolaemus1/status/1344205847778488320 artas.biz/c/System/ ausutra.com/wp-admin/Logs/ institutmestres.com/wp-includes/n7Fl9WDm/ noithatcongnghieptantien.com/wp-content/Fonts/ sislog.es/wp-admin/MSInfo/ spmkomputer.com/kasir/diagnostics/ # Reference: https://twitter.com/Cryptolaemus1/status/1344226198252093441 alkamefood.com/y/P/ goldenboyatl.com/img/Ls0/ pom-poo.hk/wp-admin/EFo4q/ shopchailo.com/wp-content/bsQN/ studentloananalyzer.com/wp-admin/2aPL/ vasumadhi.com/cgi-bin/L1DCI/ veertua.com/wp-content/HE/ # Reference: https://twitter.com/Cryptolaemus1/status/1344273969067794432 blogs.g2gtechnologies.com/blogs/v/ insvat.com/wp-admin/Dw/ littleindiadirectory.com/l/TOYuT/ pattayastore.com/visio-network-1hmpp/j5/ rsimadinah.com/wp-content/16qT/ sureoptimize.com/well-known/QsEs/ tenmoney.business/wp-content/nhW/ # Reference: https://twitter.com/Cryptolaemus1/status/1344354848876220416 ellinismos1922.gr/log/c99FG/ linkejet.com.br/cgi-bin/UQ/ mediatorstewart.com/service-msc/3zZLr/ nuocmambamuoi.vn/wp-admin/Ty/ wi360.com/wp-content/u/ wolffsachs.com/wp-content/UKZw/ ycspreview.com/shubham/h7qna/ # Reference: https://twitter.com/K_N1kolenko/status/1344588192117305344 
catchpoolshetlands.co.uk/border-design-fjk/ohTJ/ demondkapjesman.nl/cgi-bin/4EbMS/ freelancero.nl/wp-content/3r2/ homegym.vn/stillicide/z/ malerei-wiesner.de/wp-includes/2ww4/ sbninspections.com/wp-content/Y71zQ/ wcpaherrin.net/q/jg/ # Reference: https://twitter.com/K_N1kolenko/status/1344598909453283329 http://18.179.187.145/licenses/Sys/ luoyb.com/wp-includes/rUhBVqXWAV/ malaysianscoop.com/img/MSInfo/ office.horussolution.com/files/Help/ somatone.atakdev.com/plesk-stat/Stationery/ uk-bet.com/wp-content/Media/ # Reference: https://twitter.com/malware_traffic/status/1344329625162407937 89.163.210.141:8080 # Reference: https://twitter.com/abel1ma/status/1344416924382285824 gadgetscs.com/y/LRaS1Fw/ trytuc.com/well-known/Triedit/ # Reference: https://twitter.com/Cryptolaemus1/status/1346138696769302529 admintk.com/wp-admin/L/ etkindedektiflik.com/pcie-speed/Engines/ freelancerwebdesignerhyderabad.com/cgi-bin/S/ hintup.com.br/wp-content/dE/ holonchile.cl/cgi-bin/font/ indemnity360.com/nsw-highways-yqgdk/Sys/ mikegeerinck.com/c/YYsa/ norailya.com/drupal/n0uJoiR/ praticideas.net/wp-content/en-US/ stmarouns.nsw.edu.au/paypal/b8G/ ummahstars.com/app_old_may_2018/assets/Help/ wm.mcdevelop.net/content/6F2gd/ # Reference: https://twitter.com/Cryptolaemus1/status/1346191933329313797 anakhita.com/wordpress/Pt/ etbnaman.com/wp-admin/V0Sv/ ezdesigns.net/ALFA_DATA/h/ labasedespatriotes.net/wp-content/tGjE/ menol.eu/wp/mT/ spovahealth.com/z/Vb/ youyouwj.com/b/HW/ # Reference: https://twitter.com/Cryptolaemus1/status/1346198468918976514 dayimachine.com/automator-mouse-xoq9e/aY9/ doctorww.com/22-hp-ak4yp/LRWLZ2/ elaheanahita.org/a/sbzLscs/ ibelieveonline.org/wp-content/FvSP7/ mt4-ea.vip/sys-cache/62y7sA/ ultimatesoftwarenet.com/wp-content/6rXDH9/ whytech.info/wp-includes/oa/ # Reference: https://twitter.com/Cryptolaemus1/status/1346234313843613702 assecon.com.br/novosite/0fgb09/ blog.luozhou.xyz/wp-includes/en-US/ greensync.com.br/bloqueio/SIGNUP/ 
helionspharmaceutical.com/wp-admin/Fonts/ moraniz.co.il/wp-content/inf/ salas.co.uk/phyllis/Systems/ # Reference: https://twitter.com/Cryptolaemus1/status/1346241673446248450 app.e-paylinks.com/cgi-bin/GBbzq/ benzatine.com/wp-admin/vafW4/ bikemyday.se/wp-includes/gxz9/ cdhrsom.org/wp-admin/Z/ smartgrocerysl.com/content/dLM/ thekays.ca/wp-includes/h/ thinkbrief.cn/wp-includes/i/ # Reference: https://app.any.run/tasks/e05cfe35-fac0-41c5-aa2a-475d7af96998/ http://125.0.215.60 # Reference: https://twitter.com/bomccss/status/1346362798482227200 givingthanksdaily.com/qlE/VeF/ petafilm.com/wp-admin/4m/ # Reference: https://twitter.com/Cryptolaemus1/status/1346415035204177923 img.oipeirates.pro/wp-includes/inf/ mojwear.de/wp-includes/x907s3BY/ nicoblogroms.com/reviews-of-rcbim/QBaTch/ omnitech.asia/pressthisl/System32/ taradhuay.com/c/vrODk/ teelekded.com/cgi-bin/Services/ # Reference: https://twitter.com/Cryptolaemus1/status/1346430545174142977 comunicacaovertical.com.br/agencia/D0sJl/ datawyse.net/5VGI0/ fathekarim.com/images/jiC/ radioclype.scola.ac-paris.fr/wp-admin/js/widgets/6S transfersuvan.com/wp-admin/1114R/ trumpcommunity.com/usa-no-uykjh/wcS/ upafrique.com/cgi-bin/iFmg/ # Reference: https://twitter.com/Cryptolaemus1/status/1346436857257574400 campusexpo.org/department-of-odhmmkd/95eXZY/ khanhhoahomnay.net/wordpress/CGMC/ sgurztac.wtchevalier.com/wp-content/YzZ6YZ/ shop.elemenslide.com/wp-content/n/ sofsuite.com/wp-includes/2jm3nIk/ veterinariadrpopui.com/content/5f18Q/ wpsapk.com/wp-admin/v/ # Reference: https://twitter.com/neutrify/status/1346468155879612429 fnjbq.com/wp-includes/rlR/ sakhisuhaninarijeevika.com/wp-includes/CvGUjvE/ somanap.com/wp-admin/P/ wap.zhonglisc.com/wp-includes/QryCB/ zieflix.teleskopstore.com/cgi-bin/Gt3S/ # Reference: https://twitter.com/Cryptolaemus1/status/1346490798142083074 ancorals.com/aminophenol/Stationery/ eco-mykolaiv.info/f/debug/ ehteknology.com/wp-includes/en-US/ imedu.org/u/cV/ omarisouza.com/cgi-bin/Systems/ 
smartintelligentsolutions.com/content/microsoft/ # Reference: https://twitter.com/Cryptolaemus1/status/1346536935989391362 astrologiaexistencial.com/l/4bm8/ dirgantaratuba.com/cgi-bin/PX4K/ mail.ninosindigochile.cl/1989-gmc-oq21w/ZVTCY/ mirvalgroup.com/wp-includes/FOeYo/ unimedunihealth.com/wp-includes/E/ walkerswebshop.com/images/O7/ wp.gensoukyou.org/souzinv_old/1a/ # Reference: https://twitter.com/Cryptolaemus1/status/1346556090050375680 789hosteley.com/content/NZrE/ exitocorp.com/content/0ygHR/ hss.mamoni.info/content/b/ kongjiantang.com/s/It1c/ phonghoinghi.com/wp-admin/TkBD/ theloveiskindnetwork.com/wp-includes/V/ ushomestyle.com/wp-content/gfhX/ # Reference: https://twitter.com/BushidoToken/status/1346440874759172096 inspired-automotive.co.uk/wp-content.BAK_2020-05-13/w1XXLqtnEj7nijbg1qOGmIDzwcRH/ # Reference: https://paste.cryptolaemus.com/emotet/2021/01/04/emotet-malware-IoCs_01-04-21.html 165.22.246.219:8080 49.205.182.134:80 167.71.4.0:8080 190.162.232.138:80 203.157.152.9:7080 95.76.153.115:80 90.160.138.175:80 178.152.87.96:80 186.147.237.3:8080 173.249.20.233:443 110.172.180.180:8080 186.96.170.61:80 85.247.144.202:80 125.0.215.60:80 89.106.251.163:80 24.231.88.85:80 197.211.245.21:80 97.120.3.198:80 172.193.14.201:80 88.247.30.64:80 190.136.176.89:80 162.144.212.120:8080 167.71.148.58:443 5.83.32.101:80 78.189.148.42:80 103.124.152.221:80 70.183.211.3:80 31.27.59.105:80 82.48.39.246:80 82.208.146.142:7080 113.161.176.235:80 181.124.51.88:80 154.0.8.2:443 191.241.233.198:80 78.188.225.105:80 211.215.18.93:8080 189.34.18.252:8080 70.92.118.112:80 139.5.101.203:80 75.188.107.174:80 173.70.61.180:80 75.177.207.146:80 66.57.108.14:443 190.247.139.101:80 93.146.48.84:80 74.222.117.42:80 189.211.214.19:443 201.212.201.127:8080 201.143.224.27:80 24.230.124.78:80 180.52.66.193:80 188.165.214.98:8080 47.150.238.196:80 98.109.133.80:80 84.5.104.93:80 138.197.99.250:8080 157.245.145.87:443 152.170.79.100:80 114.158.126.84:80 167.99.105.11:8080 181.136.190.86:80 
2.80.112.146:80 201.75.62.86:80 93.149.120.214:80 84.232.252.202:443 5.2.136.90:80 75.109.111.18:80 59.21.235.119:80 201.193.160.196:80 157.245.123.197:8080 # Reference: https://www.virustotal.com/gui/file/d0e180cf891b1138e9fa24f47885ec8e9b936a2c1f757f868e7063baf2f27e02/detection http://54.36.185.63 # Reference: https://www.virustotal.com/gui/file/9271631901e43b43d23922acec11166070e3ef673ef6e60e1c0fb9eafca14a16/detection etkindedektiflik.com mantaspesadas.com newtabletmall.com ozonerenovaters.co.za sezard.com zakariabek.com # Reference: https://twitter.com/Cryptolaemus1/status/1349016166916911107 capturetheaction.com.au/wp-includes/Yjp/ mmo.martinpollock.co.uk/a/SQSGg/ mybusinessevent.com/tiki-install/e/ shulovbaazar.com/c/bcL6/ thenetworker.ca/comment/8N4/ trayonlinegh.com/cgi-bin/HBPR/ uhk.cncranes.com/ErrorPages/3/ # Reference: https://twitter.com/Cryptolaemus1/status/1349059123753742337 agricampeggiocortecomotto.it/wp-admin/s7p1/ avadnansahin.com/wp-includes/w/ hellas-darmstadt.de/cgi-bin/ZSoo/ remediis.com/t/gm2X/ riparazioni-radiotv.com/softaculous/DZz/ solicon.us/allam-cycle-1c4gn/f5z/ starlingtechs.com/GNM/ # Reference: https://twitter.com/Cryptolaemus1/status/1349088418442186758 abdindash.xyz/b/Yonhx/ altcomconstruction.com/wp-includes/or7/ baselinealameda.com/j/uoB/ cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/ craku.tech/h/iXbreOs/ nicoblogroms.com/c/V9w0b5/ taradhuay.com/d/oT5uG/ # Reference: https://twitter.com/malware_traffic/status/1349100952649953283 http://161.49.84.2 angel2gether.de/BlutEngel/SpeechEngines/ # Reference: https://twitter.com/Cryptolaemus1/status/1349295458607394817 3d.unicorp.site/js/A1ew/ 3d.unicorp.site/js/GzVpMLaH/ christinewalker.org/wp-admin/Xt9SNHtExU/ huzurdugunsalonu.com/wp-content/Speech/ personal.unicorp.site/lang/System_32/ tmsvinhphuc.com/wp-content/SpeechEngines/ # Reference: https://twitter.com/VirITeXplorer/status/1349316114636017664 ancorals.com/aminophenol/Stationery/ eco-mykolaiv.info/f/debug/ 
ehteknology.com/wp-includes/en-US/ imedu.org/u/cV/ omarisouza.com/cgi-bin/Systems/ smartintelligentsolutions.com/content/microsoft/ # Reference: https://twitter.com/Cryptolaemus1/status/1349344528214466561 aryasamajmandirkanpur.com/cgi-bin/VcJK/ equipamentosmix.com/1/TRM/ lapiramideopticas.com/tesla-powerwall-ok3h2/kmJ/ lezz-etci.com/wp-content/mXxP/ music.mnahid.com/wp-admin/kCGrt8/ transfersuvan.com/wp-admin/yhUw0GU/ vedavacademy.com/wp-admin/7BHbH/ # Reference: https://twitter.com/Cryptolaemus1/status/1349365544185696259 abbc.tv/wp-content/Triedit/ asafina.co/wp-content/G3GLLO/ bluepassgt.com/von-weise-ludzp/DNNXcQcRTT/ globalruraldevelopmentagency.co.za/cgi-bin/inf/ larissarobles.com/wp-admin/SIGNUP/ trioconcuerda.es/cgi-bin/Services/ # Reference: https://twitter.com/Cryptolaemus1/status/1349368462397878272 cs.lcxxny.com/wp-includes/E3U8nn/ datawyse.net/0X3QY/ givingthanksdaily.com/CP/ ketorecipesfit.com/wp-admin/afanv/ makiyazhdoma.ru/blocked/tgEeW8M/ mertelofis.com/wp-content/As0/ trustseal.enamad.ir.redshopfa.com/admit/wJJvvG/ # Reference: https://www.virustotal.com/gui/file/6a493e8b5ff18bfa985491dff440f85ab81458e502477a4163d174b2f068d2a0/detection http://50.116.111.59 # Reference: https://twitter.com/Cryptolaemus1/status/1349434485213958148 adres-ug.ru/wp-admin/IItD/ ats-tx.com/old/f1X/ avanttipisos.com.br/catalogo-virtual/U/ bhar.com.br/elementos/MQfB/ mpeakecreations.co.za/cgi-bin/vVk1rw/ smkbudiagung.com/wp-content/VoPg04/ theraven.pk/overwolf-r6-vdace/UH4fL/ # Reference: https://www.virustotal.com/gui/file/5914d2b73a12434f181aecde03e27c755c5b3d9d87827381a5ac6cc6d1eeb72b/detection http://194.36.190.41 # Reference: https://www.virustotal.com/gui/file/b09074b0d262c73c66430e4e968ebee0cb946881c69d7b7fd8bc9130a1731482/detection californiaasa.com/californiaasa.com/8t/ dakarbuzz.net/css/CyKg/ djraisor.com/error/w7G3/ kharazmischl.com/w/ prestokitchens.com/recurringo/fRe/ viralbrown.com/e3c0ngfjc/N/ # Reference: 
https://otx.alienvault.com/pulse/600427f0c6a16dad430cdf71 taskok.com uudama.com uudati.com uuwise.com # Reference: https://www.virustotal.com/gui/file/885241694043444e59ddc1473d1d76cf05868569e8afe89d72757ca3178a006e/detection akybron.hu/wordpress/Triedit/ holonchile.cl/cgi-bin/System32/ members.nlbformula.com/cgi-bin/Microsoft.NET/ c210109.itourlife.top top-grandwinners.life # Reference: https://tria.ge/210120-dx7gmz813a calledtochange.org/CalledtoChange/8huSOd/ hbprivileged.com/cgi-bin/Qg/ mrveggy.com/wp-admin/n/ norailya.com/drupal/retAl/ riandutra.com/email/AfhE8z0/ teelekded.com/cgi-bin/LPo/ ummahstars.com/app_old_may_2018/assets/wDL8x/ # Reference: https://twitter.com/Cryptolaemus1/status/1351848817621139456 avz-pr.com/wp-includes/hJ/ cawada.com/wp-content/7httphttpUz0/ hilmagym.com/alden-s-ylxyau/Rljs3s/ sundargarhmirror.com/wp-content/sRu7KK/ surveycanada.xyz/wp-content/0sDDTy/ ultimatesoftwarenet.com/wp-content/upB/ yurdumaku.com/blogs/zQAwwA/ # NOTE(review): 'cawada.com/wp-content/7httphttpUz0/' in the list above has the literal string 'httphttp' inside a path segment; this looks like a re-fanging artifact rather than the real path, so an exact-match rule on it may never fire - confirm against the referenced tweet. # Reference: https://twitter.com/Cryptolaemus1/status/1351849334443307010 edge-tech.uk/flacon/61RO7/ gmthearingsolution.com/cgi-bin/lrZkqL/ istanbulhaliyikamacim.com/content/I9Ogfopdi7/ ordertaker.jakagroup.com/2f77k7i6/E/ solicwebaps.azurewebsites.net/allam-cycle-1c4gn/KLBX/ taradhuay.com/d/It4Iwlo/ # Reference: https://twitter.com/Cryptolaemus1/status/1351849087428079617 achutamanasa.com/media/Te/ cashyinvestment.org/wp-content/21dIZ/ infoquick.co.uk/assets/h/ merkadito.mx/upload/6/ oftalmovilaplana.com/wp-includes/wfKu/ opticaquilin.cl/wp-includes/FFueL/ vilajansen.com.br/loja_old_1/p/ # Reference: https://twitter.com/Cryptolaemus1/status/1351863522184097794 buyitnowtoday.net/wp-admin/KI0K/ canadabrightway.com/wp-admin/n3 cometarabian.com/wp-includes/zFY6U/ convictionfitness.webdmcsolutions.com/wp-admin/gUb/ hbprivileged.com/cgi-bin/Qg/ intellisavvy.com/wp-admin/dRaG2H/ ketoresetme.com/wp-content/Rk4rz/ mrveggy.com/wp-admin/n/ perrasmoore.ca/wp-admin/rM6HK re2me.xyz/opt/Ds/ senbiaojita.com/wp-admin/iDlsc/ 
starkmotorracing.com/unhairer/nzFKm/ stormhansen.com/2556460492/if/ teelekded.com/cgi-bin/LPo/ thelambertagency.com/staging/Vo/ theo.digital/wp-admin/Zyl2/ trainwithconviction.com/wp-admin/y trainwithconviction.webdmcsolutions.com/wp-admin/rEEEU ummhttpstars.com/app_old_may_2018/assets/wDL8x/ upinsmokebatonrouge.com/var/Ux1V/ vassanaservices.com/TEST/V3/ # NOTE(review): 'ummhttpstars.com/app_old_may_2018/assets/wDL8x/' in the list above looks like a re-fanging artifact of 'ummahstars.com', which this file lists elsewhere with the same path; as written the hostname will presumably never match observed traffic - confirm against the referenced tweet. # Reference: https://twitter.com/Cryptolaemus1/status/1351885794164822017 perrasmoore.ca/wp-admin/rM6HK/ # Reference: https://www.virustotal.com/gui/file/7a60e4259e05ae1b9f2879df13341ca27217d4aa9bbb542397ad1a96fa1dd581/detection # Reference: https://www.virustotal.com/gui/file/19ef1edfd5cbfb556945f30eddf23f1f707ec9de5959167e0863c0abf201f12b/detection 145.249.106.34:80 # Reference: https://tria.ge/210120-5ah1kwq3l6 115.21.224.117:80 12.175.220.98:80 162.241.204.233:8080 180.222.161.85:80 190.103.228.24:80 190.251.200.206:80 69.49.88.46:80 75.113.193.72:80 78.182.254.231:80 # Reference: https://twitter.com/Cryptolaemus1/status/1351923396083257344 # Reference: https://app.any.run/tasks/b2f93211-2c05-4062-a53b-968ab80dcd8c/ apsolution.work/magneti-marelli-zkkmb/toq7Eiy/ artistascitizen.com/wp-content/Bx3cr6/ careercoachconnection.com/tenderometer/4K/ happycheftv.com/wp-admin/z6uGcbY/ ombchardin.com/archive/V/ tacademicos.com/content/JbF68i/ zhongsijiacheng.com/wp-content/jn5/ # Reference: https://twitter.com/bomccss/status/1351835536390975490 ordertaker.jakagroup.com/2f77k7i6/E/ # Reference: https://twitter.com/Cryptolaemus1/status/1351950866811645955 abyssos.eu/wp-content/p/ bambathamobileloans.co.za/cgi-bin/X/ blog.tqdesign.vn/banner/uW/ buarf.com/vcds-throttle-w4z41/pqqn/ gieoduyen.vn/css/PxmtB/ vataas.com/3325390551/5W/ # Reference: https://twitter.com/Cryptolaemus1/status/1351994772433625088 abdo-alyemeni.com/wp-admin/seG6/ bardiastore.com/wp-admin/A1283/ dryaquelingrdo.com/wp-content/SI/ fabulousstylz.net/248152296/TpI/ giteslacolombiere.com/wp-admin/FV/ oxycode.net/wp-admin/x/ trendmoversdubai.com/cgi-bin/B73/ # 
Reference: https://twitter.com/Cryptolaemus1/status/1351992254177681410 cirteklink.com/F0xAutoConfig/1Zb4/ covisiononeness.org/new/F9v/ lionrockbatteries.com/wp-snapshots/C/ nimbledesign.miami/wp-admin/C/ oshiscafe.com/wp-admin/5Dm/ schmuckfeder.net/reference/ubpV/ xunhong.net/sys-cache/D0/ # Reference: https://twitter.com/Cryptolaemus1/status/1352006666263420928 academiaprogreso.com/cgi-bin/Z5/ casinos-hub.com/s/ZQhDyLF/ deoditas.com/n/FUEyoG/ mts2019-002-site9.gtempurl.com/wp-content/E/ newtop.one/responsives/z/ ocean4gamers.com/wp-content/GAuYf/ yahyalisayam.com/sys-cache/tAsw/ # Reference: https://twitter.com/K_N1kolenko/status/1352155154003480576 aqnym.top/wp-login/9ZvtYaLyhg/ bestcartdeal.com/wp-content/U12BbGPx2v/ chenqiaorong007.com/wp-content/inh1Q4eFMT/ hredoybangladesh.com/3948708181/l7/ qingniatouzi.com/wp-includes/Z4TFME0/ washcolsc.com/wp-admin/gRIWZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352199988084944896 bikemyday.se/wp-includes/FdM/ bookkeepingdoctor.co.uk/s/1EU/ deshbangla71news.com/wp-content/5M/ lubdeco.com/rocketlike/1IqoSgDG/ peritidiparte.org/administrator/XSboAD33/ vallerconstrutora.com.br/wp-content/uploads/vDIi0eYzz/ # Reference: https://pastebin.com/raw/aStRxhMw 143.0.85.206:7080 181.10.46.92:80 2.58.16.88:8080 200.75.39.254:80 201.185.69.28:443 206.189.232.2:8080 83.144.109.70:80 91.233.197.70:80 93.146.143.191:80 93.149.120.214:80 94.176.234.118:443 95.76.153.115:80 # Reference: https://urlhaus.abuse.ch/url/973026/ nhipcauytevietnhat.com/efficiency-all-iuehb/BJug3jyhuyilWhCQs3YksSaqQW7tpyvmYpb91wTZdbluIo1EKoPE5VrBbcx8zHDAR9YT/ # Reference: https://twitter.com/Cryptolaemus1/status/1352559200271028227 # Reference: https://twitter.com/Cryptolaemus1/status/1352559411135467527 cashstreamfinancial.com/wp-admin/23/ e-medglobal.com/wp-content/ludqf/ ecobaby.es/assets/MZIHkwyre/ elsadinc.com/wp-content/B/ inhaustyle.com/wp-admin/7OtP5/ jlzs.kuamn.com/a/B3Snr8A/ jolifm.com/new/5hkc3/ o7therapy.com/egyptian-comedy-hiiro/As0/ 
signinsolution.com/wp-content/Vr0/ technologydistilled.com/a-nurse-ss8d9/z/ wangke9.com/wp-includes/dCmiSx8y/ wp01.devanshp.com/sys-cache/8vejbVDx/ wz760.com/wp-admin/b/ # Reference: https://twitter.com/Cryptolaemus1/status/1352558882867081219 # Reference: https://twitter.com/VirITeXplorer/status/1352557164158738433 91yudao.com/wp-admin/KKHt1/ fifacoinsbox.com/wp-content/7gYt/ laymancoder.com/rustic-decor-1gbad/Us/ rbdck.com/wp-content/uploads/sucuri/lewfK/ seamart.info/alfacgiapi/q92A/ uagritech.com/cgi-bin/a5G/ yourcleanersurfaces.com/four-monks-acasz/O2my/ # Reference: https://twitter.com/Cryptolaemus1/status/1352581752385122310 admin.toppermaterial.com/js/jGcwS/ fultonandassociates.com/administrator/IUHeit/ notebook03.com/templates/G2Ay/ pcsaha.com/wp-content/fG1tM/ rosvt.com/img/9h1Q/ skver.net/benjamin-moore-xha9o/t/ zippywaytest.toppermaterial.com/wp-admin/wwbJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352595532074643463 alugrama.com.mx/t/2/ armakonarms.com/wp-includes/fz/ bbjugueteria.com/s6kscx/Z/ bimception.com/wp-admin/sHy5t/ coworkingplus.es/wp-admin/FxmME/ homecass.com/wp-content/iF/ silkonbusiness.matrixinfotechsolution.com/js/q26/ # Reference: https://twitter.com/Cryptolaemus1/status/1352631537007734790 fab5associates.com/include/scIM/ ie-best.com/msm8909-custom-bgts5/eos6t3H/ iebest.online/1997-chevy-aiz00/RFrTE68/ iebest.org/hoefler-bold-zify4/ia/ originpart.com/wp-content/acStl/ singleworld-online.com/img/DeeAt/ slowdtech.net/shop/wLZ4yw/ # Reference: https://twitter.com/Cryptolaemus1/status/1352643524404117505 e-wdesign.eu/wood-stove-x7iww/R1SMs1v/ micronews.eu/crankshaft-pulley-i5aio/Tlp/ ofert-al.com/wp-content/t9hVViBde/ relatedgrouptest.com/OurTime/culeTFa3v/ schmuckfedern.info/reference/0HlBBg8/ transal.eu/netgear-wifi-qzvv4/1j7XZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352700749164269568 boomarketer.com/wp-content/6/ crooks-taylor.com/1676470973/1/ lvnskin.com/h/IB/ nadysa.com/wp-content/Almet/ 
rabiei.fun/eidl-reconsideration-bs3lu/feoOiAO/ rex.tasmiragroup.com/wp-includes/un6G/ whitetheme.xyz/wp-content/q8H/ # Reference: https://twitter.com/Cryptolaemus1/status/1352724228106280960 bhaktivrind.com/cgi-bin/JBbb8/ cab.mykfn.com/admin/X/ cambiasuhistoria.growlab.es/wp-content/hGhY2/ gocphongthe.com/wp-content/lMMC/ ie-best.net/online-timer-kvhxz/ilXL/ letscompareonline.com/de.letscompareonline.com/wYd/ vanddnabhargave.com/asset/W9o/ # Reference: https://twitter.com/Cryptolaemus1/status/1353666901780688900 aecotimes.com/wp-admin/44Z/ de.letscompareonline.com/cgi-bin/ztEE/ escalierconsulting.com/wp-includes/I/ haumaguerraevoceoalvo.com.br/wp-includes/0Hm/ paulomarciotrp.com/z/y/ rakikuma.com/cgi-bin/K/ snjyp.com/wp-content/Nz/1/ # Reference: https://twitter.com/Cryptolaemus1/status/1353658459376517121 3musketeersent.net/wp-includes/TUgD/ dashudance.com/thinkphp/dgs7Jm9/ jeevanlic.com/wp-content/r8M/ leopardcranes.com/zynq-linux-yaayf/w/ mmrincs.com/eternal-duelist-9cuqv/jxGQj/ shannared.com/content/lhALeS/ skilmu.com/wp-admin/hQVlB8b/ # Reference: https://twitter.com/Cryptolaemus1/status/1353642498288201728 e-wdesign.eu/wp-content/bn1IgDejh/ jflmktg.wpcomstaging.com/wp-content/AK/ linhkienmaytinh.tctedu.com/wp-snapshots/VzJM/ nightlifemumbai.club/x/0wBD3/ shop.nowfal.dev/wp-includes/RlMObf2j0/ traumfrauen-ukraine.de/bin/JyeS/ # Reference: https://twitter.com/sugimu_sec/status/1354337747037679619 80.158.59.174:8080 80.158.43.136:80 80.158.3.161:443 80.158.51.209:8080 80.158.35.51:80 80.158.63.78:443 80.158.53.167:80 80.158.62.194:443 # Reference: https://www.virustotal.com/gui/file/d2fa81e487727af7c92cb170cfd73dcd9c600c4599cfe59c8021744c075064ee/detection 190.182.161.7:8080 # Reference: https://otx.alienvault.com/indicator/file/9fddb3ab17c46feb665101b7893f793f2b3465f5eac30bd4d442b52a8d60448b/ alptitude.com/wp-admin/2ygiz6a0574/ dev.petracapital.com/shared/web/f794/ healthylivingclinique.com/yzvd2ss/nj9ro6k881/ staging.thenaturallifestyles.com/wnty/98c971/ # 
Reference: https://tria.ge/201025-mn36398aqs/static1 111.119.233.65:80 144.139.158.155:80 187.131.128.238:50000 190.79.228.89:443 220.241.38.226:50000 41.75.135.93:7080 42.190.4.92:443 45.56.79.249:443 60.52.64.122:80 79.127.57.43:80 94.177.183.28:8080 94.67.21.187:8080 # Reference: https://www.virustotal.com/gui/file/835d0910a541696111ecf4588e19a2c361e1ed6a61d2b680e1dd1cfcd85b4da9/detection arya-co.com/wp-includes/lIaWADd/ literadiocebu.com/vhvjt/aycx52bqm330139/ pizzaherbs.com.pk/pjqbq/XnPgtdPPN/ solution.seeedstudio.com/tag/FNLFibbOyHa/ # Reference: https://unit42.paloaltonetworks.com/attack-chain-overview-emotet-in-december-2020-and-january-2021/ # Reference: https://otx.alienvault.com/pulse/6047a64d3c6de8ce39c5f1fb abrillofurniture.com/bph-nclex-wygq4/a7nBfhs/ allcannabismeds.com/unraid-map/ZZm6/ ezi-pos.com/categoryl/x/ giannaspsychicstudio.com/cgi-bin/PP/ ienglishabc.com/cow/JH/ etkindedektiflik.com/pcie-speed/U/ vstsample.com/wp-includes/7eXeI/ # Reference: https://www.virustotal.com/gui/file/05e10f7bf1687cc7187961aa5140c2b29a054a9142bdf9b8b8a54a6fbfc63f38/detection http://70.121.172.89 # Reference: https://unit42.paloaltonetworks.com/emotet-command-and-control/ ienglishabc.com/cow/JH/ # Reference: https://www.virustotal.com/gui/file/338d8d3ff0894ad4411b7eca2723d06a70f560488f00e690ed7ad33e67f9ad47/detection # Reference: https://www.virustotal.com/gui/file/14aad54e4accb6acc45ee5bdf965c406fac1b53ba6600961135b9567d03b224d/detection 217.160.169.110:8080 51.255.203.164:8080 # Reference: https://www.virustotal.com/gui/file/6b33c0213605687c080ebef68e2ae366e3d35f90cb1bf80ad4506ad738284806/detection http://84.232.229.24 # Reference: https://www.virustotal.com/gui/file/9873dc0ef3a6233e91cb4112f96e68495354a35341ebe8108f87e80a97084306/detection duolife-partner.com/wp-content/pE/ givingthanksdaily.com/web/VK/ ifarmer.com.br/__MACOSX/2w4/ tskgear.com/wp-content/uploads/2017/Fo/ uniteddatabase.net/wp-admin/tf/ testlibreria.ddns.net # Reference: 
https://www.virustotal.com/gui/file/5bc7d79f0a8067ecc206d34cad5432b343af707f332326b947460129d36d9c73/detection # Reference: https://www.virustotal.com/gui/file/d148cd4df3bc4807b5e7d2dffc7659ca926ed4674d4fab4da5b305f63d19748d/detection djsrecord.com impipower.com inkayniperutours.com lastfrontierstrekking.com mitraship.com vesiyiannissimopoulos.com vysimopoulos.com watchnshirt.com # Reference: https://unit42.paloaltonetworks.com/c2-traffic/ /a51azs1nbhzmu5m/ /a5msy52s4i4uuac7dm/ /e6qj08nos8kh/ /o7rhpr2xi05tkkp/ /p0f6wimb1tcqvn0/ /r1s4dvgwanu1ov8qku/ /a5msy52s4i4uuac7dm/pzudacb2/a51azs1nbhzmu5m/p0f6wimb1tcqvn0/ /r1s4dvgwanu1ov8qku/e6qj08nos8kh/o7rhpr2xi05tkkp/ # Reference: https://www.virustotal.com/gui/file/befffcacdf0a332761313f820c7527c9e18afb0b2b96871fa3ae6cdb78a1710c/detection 3cgfx.com antbear.de praxislumpp.de reken-bhf.de zlc-aa.org /nbrZnq/ /nwbBJRnf/ /shFvxAVCx/ # Reference: https://www.virustotal.com/gui/file/3deae7749040610c9cbb202e382427a1f25a78a2522039b47243f39d117bbe2a/detection coronadotx.com djkuhni.ru finnessemedia.com oilmotor.com.ua /9jrQva/ /dg8G4r7/ /VG0BJc48/ # Reference: https://www.virustotal.com/gui/file/71cdd13b7a58ce65018ee1262dcd6ed87649869b77da2c9fc83fac5ea46da9e2/detection http://82.28.208.186 # Reference: https://www.virustotal.com/gui/file/1241503187e6eab61e28a83e423358b340acd60ce4dcea04d61946f9c8b6644b/detection eadhm.com # Reference: https://www.virustotal.com/gui/file/d78d3372dcbd7096a17376759e10de73574f781ce9148c870b26b76734d265c2/detection http://173.254.28.54 http://31.31.196.252 http://37.59.31.76 http://5.196.201.123 http://91.238.72.69 73.49.109.200:443 # Reference: https://www.virustotal.com/gui/file/44fc6487c49540ca65e83de10394e82b197a46f21d519a7bcec3ef363d129aa8/detection cat-school.ru/us/710yf0n_ua7x4j-7479994/ ahoraseguro.dmcintl.com/wp-admin/VyzfDUJD/ candasyapi.com/cgi-bin/kbd3o6aik_n6gtdbv-55/ domuswealth.kayakodev.com/wp-content/uploads/rLDcCyAubM/ # Reference: https://isc.sans.edu/diary/28044 51.75.33.120:443 
51.159.35.157:443 81.0.236.93:443 94.177.248.64:443 92.207.181.106:8080 109.75.64.100:8080 163.172.50.82:443 # NOTE(review): the capesandbox.com list that follows includes addresses in multicast (224.0.0.0/4) and reserved (240.0.0.0/4) space, e.g. 227.6.114.83 and 255.172.122.71, which cannot be routable C2 endpoints; together with the unusual high ports this suggests decoy or mis-parsed configuration entries, so verify against the sandbox report before alerting on them. # Reference: https://capesandbox.com/analysis/205987/ 103.75.201.2:443 103.8.26.102:8080 103.8.26.103:8080 104.251.214.46:8080 105.178.188.118:36390 108.23.240.27:55224 108.253.10.35:50450 111.160.228.120:11844 118.232.90.67:41669 12.103.138.37:25337 129.71.122.229:19552 130.218.189.102:11273 131.118.23.101:1579 138.115.8.136:56281 138.185.72.26:8080 147.228.21.195:30136 148.35.207.251:33527 148.86.197.182:8947 153.7.1.135:46220 178.79.147.66:8080 181.54.185.125:31175 185.184.25.237:8080 188.93.125.116:8080 193.68.236.63:5958 195.154.133.20:443 20.230.225.161:8790 202.203.146.92:23209 207.38.84.195:8080 208.169.50.181:64568 210.57.217.132:8080 212.237.5.209:443 213.250.103.157:20454 215.8.101.132:46077 218.38.200.180:25912 220.148.251.73:33247 227.6.114.83:665 238.158.59.126:29524 239.148.125.201:46467 242.27.192.124:10362 248.105.66.216:52589 25.55.252.100:2573 253.144.211.188:26511 255.172.122.71:56807 26.19.172.107:61767 26.194.150.23:4175 45.118.135.203:7080 45.142.114.231:8080 45.76.176.10:8080 49.39.1.135:29156 5.209.235.13:42953 51.170.119.234:40184 51.68.175.8:8080 58.227.42.236:80 66.42.55.5:7080 68.25.130.201:54222 70.151.180.118:49953 74.100.101.45:1921 75.230.216.18:31704 77.115.123.4:30680 81.0.236.93:443 84.14.63.133:50709 89.0.134.88:56100 94.177.248.64:443 99.140.7.31:20206 # Reference: https://tria.ge/211117-qs1syshgcj 142.4.219.173:8080 168.197.250.14:80 177.72.80.14:7080 185.148.169.10:8080 191.252.103.16:80 195.154.146.35:443 195.77.239.39:8080 196.44.98.190:8080 207.148.81.119:8080 37.44.244.177:8080 37.59.209.141:8080 45.79.33.48:8080 51.178.61.60:443 51.210.242.234:8080 54.37.228.122:443 54.38.242.185:443 66.42.57.149:443 78.46.73.125:443 78.47.204.80:443 85.214.67.203:8080 # Reference: https://twitter.com/abuse_ch/status/1461311027925106689 45.79.33.48:8080 # Reference: https://twitter.com/fr0s7_/status/1460590106637651970 #
Reference: https://pastebin.com/vaprawG6 av-quiz.tk ranvipclub.net visteme.mx newsmag.danielolayinkas.com/content/nVgyRFrTE68Yd9s6/ goodtech.cetxlabs.com/content/5MfZPgP06/ devanture.com.sg/wp-includes/XBByNUNWvIEvawb68/ team.stagingapps.xyz/wp-content/aPIm2GsjA/ /5MfZPgP06/ /aPIm2GsjA/ /nVgyRFrTE68Yd9s6/ /XBByNUNWvIEvawb68/ # Reference: https://twitter.com/pr0xylife/status/1464192283604103168 multilifecapsule.com /s9t0t1x/bgZZ2Gslow/ /bgZZ2Gslow/ /s9t0t1x/ # Reference: https://twitter.com/pr0xylife/status/1463935013007863809 ielts-world.trimion.org/wp-content/uploads/0qkRwoQ1sl7/ /0qkRwoQ1sl7/ # Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/665/original/all_network_IOCs.txt 168801.xyz 168801.xyz/wp-content/6J3CV4meLxvZP/ adorwelding.zmotpro.com/wp-content/Z8ifMTCM2VBWlfeSZmzv/ alfadandoinc.com/67oyp/C2J2KyCpQnkK4Um/ alfaofarms.com/xcyav/F9le301G89W0s2g4jLO5/ av-quiz.tk/wp-content/k6K/ caboturnup.com/wp-content/plugins/classic-editor/js/PZgllRH6QtkaCKtSB50rzr/ callswayroofco.com/wp-content/fdMNv5VqUpd3wKwrDEYc/ cars-taxonomy.mywebartist.eu/-/BPCahsAFjwF/ ceshidizhi.xyz/wp-content/Gs4yhEwmUamQky9H9rSy/ ckfoods.net/wp-admin/wPInm2rgMu/ crownadvertising.ca/wp-includes/OxiAACCoic/ cursossemana.com/wp-content/zwfj5luCBBEL3RrbBgPsz/ devanture.com.sg/wp-includes/XBByNUNWvIEvawb68/ dipingwang.com/dhijow/yYj7tJhnx3gZsJwlOCNCU/ evgeniys.ru/sap-logs/D6/ giadinhviet.com/pdf/log_in/8kQBFUyohsDRGCJx/ goodtech.cetxlabs.com/content/5MfZPgP06/ hpoglobalconsulting.com/wp-content/9CwBhm1xLHlSAmSl8FrG/ html.gugame.net/img/5xUBiRIQ4s3EtKEv67Ebn/ huskysb.com/wordpress/6f0qIQlWPaYDfa/ im2020.vip/wp-includes/Uo9xNyX6bgj1/ immoinvest.com.br/blog_old/wp-admin/luoT/ itomsystem.in/i9eg3y/nNxmmn9aTcv/ jamaateislami.com/wp-admin/FKyNiHeRz1/ laptopinpakistan.com/wp-admin/O709S0/ linebot.gugame.net/images/RX6MVSCgGr/ lpj917.com/wp-content/Cc4KG1MDR4xAWp91SjA/ manak.edunetfoundation.org/school-facilitator/qlwM2RAHhDG8N8/ 
newsmag.danielolayinkas.com/content/nVgyRFrTE68Yd9s6/ onlinemanager.site/szrlo/XRL3pyAvQ9NoDug7wzAzyuL/ parentingkiss.com/wp-admin/LMgGsVXx02LX/ pasionportufuturo.pe/wp-content/XUBS/ pibita.net/wp-admin/VLpfaG1/ primtalent.com/wp-admin/9yt1u/ protracologistics.com/cryptocurrency/8Nq5rxi7aIGH/ ranvipclub.net/pvhko/a/ ridcyf.com/dm7vg/DGWFrJA0kutWTk/ server.zmotpro.com/venkat/products/facebook-page/assets/kmIdeXnG/ staviancjs.com/wp-forum/QOm4n2/ team.stagingapps.xyz/wp-content/aPIm2GsjA/ thepilatesstudionj.com/wp-content/oAx5UoQmIX3cbw/ thetrendskill.com/wp-content/HbbVwxEkhvYdloXmjWeBb/ vcilimitado.com/trendfit/aBER6PrBXc7/ vegandietary.com/wp-admin/IFtPKsn/ visteme.mx/shop/wp-admin/PP/ voltaicplasma.com/wp-includes/wkCYpDihyc8biTPn444B/ xanthelasmaremoval.com/wp-includes/VVVcpYsRtGgjQqfgjxbS/ yoho.love/wp-content/e4laFBDXIvYT6O/ yougandan.com/backup_YouGandan-9th-nov/3n6PrcuIaPCNcRU7uj7D/ /3n6PrcuIaPCNcRU7uj7D/ /5MfZPgP06/ /5xUBiRIQ4s3EtKEv67Ebn/ /6J3CV4meLxvZP/ /6f0qIQlWPaYDfa/ /8Nq5rxi7aIGH/ /8kQBFUyohsDRGCJx/ /9CwBhm1xLHlSAmSl8FrG/ /9yt1u/ /BPCahsAFjwF/ /C2J2KyCpQnkK4Um/ /Cc4KG1MDR4xAWp91SjA/ /DGWFrJA0kutWTk/ /F9le301G89W0s2g4jLO5/ /FKyNiHeRz1/ /Gs4yhEwmUamQky9H9rSy/ /HbbVwxEkhvYdloXmjWeBb/ /IFtPKsn/ /LMgGsVXx02LX/ /O709S0/ /OxiAACCoic/ /PZgllRH6QtkaCKtSB50rzr/ /QOm4n2/ /RX6MVSCgGr/ /Uo9xNyX6bgj1/ /VLpfaG1/ /VVVcpYsRtGgjQqfgjxbS/ /XBByNUNWvIEvawb68/ /XRL3pyAvQ9NoDug7wzAzyuL/ /Z8ifMTCM2VBWlfeSZmzv/ /aBER6PrBXc7/ /aPIm2GsjA/ /backup_YouGandan-9th-nov/ /e4laFBDXIvYT6O/ /fdMNv5VqUpd3wKwrDEYc/ /kmIdeXnG/ /nNxmmn9aTcv/ /nVgyRFrTE68Yd9s6/ /oAx5UoQmIX3cbw/ /qlwM2RAHhDG8N8/ /wPInm2rgMu/ /wkCYpDihyc8biTPn444B/ /yYj7tJhnx3gZsJwlOCNCU/ /zwfj5luCBBEL3RrbBgPsz/ # Reference: https://twitter.com/abel1ma/status/1464021181649276928 188.165.214.166:7080 41.76.108.46:8080 # Reference: https://twitter.com/pr0xylife/status/1464234513421246474 alfadandoinc.com /67oyp/bZ033Pj5mW/ /bZ033Pj5mW/ # Reference: https://twitter.com/1ZRR4H/status/1464292396448071681 datascience.inf.udec.cl # 
Reference: https://www.virustotal.com/gui/file/faf7f22e03ece8ff740f235cb877b68139b8e24bc9a4d881924d3094fa7d88e0/detection 107.182.225.142:8080 110.232.117.186:8080 158.69.222.101:443 176.104.106.96:8080 191.252.196.221:8080 212.237.17.99:8080 212.237.56.116:7080 216.158.226.206:443 50.116.54.215:443 58.227.42.236:80 81.0.236.90:443 91.200.186.228:443 # Reference: https://www.virustotal.com/gui/file/a42b19809d5c72e4bfb1f3c32db4ddd2c000b9e85d84fe34de06dbd658f186e9/detection 45.63.5.129:443 /UgHsfhOlDOzwSAAUPNThHJzDKohxKgDQ # Reference: https://www.virustotal.com/gui/file/b55ecd568ea778ec6759dad6d6f36e382c95c1320db94c82874ad422df5aa63a/detection 46.55.222.11:443 # Reference: https://twitter.com/Max_Mal_/status/1465760141505175556 forwardmart.club teachingcenter.xyz # Reference: https://www.virustotal.com/gui/file/cb2b43994668e1bad49416f30da34f14eba6381a210879df8a1090aedfa9538e/detection boardingschoolsoftware.com/Vineet_Backup/Z9o3/ /Vineet_Backup/Z9o3/ # Reference: https://www.virustotal.com/gui/domain/terracondivisa.farsiprossimofaenza.org/relations terracondivisa.farsiprossimofaenza.org # Reference: https://twitter.com/Max_Mal_/status/1466785013412810756 coachdto.com # Reference: https://twitter.com/Max_Mal_/status/1466138840138145821 rayanew.ir/wp-content/6b7OVW/ /wp-content/6b7OVW/ # Reference: https://twitter.com/VirITeXplorer/status/1465726173393076230 radio-galaxia.us/v/eZoMYhBe2i0H4Fg/ sterileinstrument.com/sterilematrix_mf/RsKnrz5SlP9MXcr/ thebanditproject.com/wp-content/BvZK54PFsCqKio6/ /BvZK54PFsCqKio6/ /eZoMYhBe2i0H4Fg/ /RsKnrz5SlP9MXcr/ # Reference: https://twitter.com/VirITeXplorer/status/1465725143532113936 donnaandlord.com/wp-includes/qfFSVILNBNeep3ZH/ escapelle.uz/wp-includes/n1vS/ openhouse.swu.ac.th/3y1eq/Lni/ /3y1eq/Lni/ /wp-includes/n1vS/ /qfFSVILNBNeep3ZH/ # Reference: https://twitter.com/VirITeXplorer/status/1465718520776433664 locstorageinfo.z13.web.core.windows.net # Reference: https://twitter.com/Max_Mal_/status/1463652707491790852 
morishim.com/wp-content/EFhkVPdHVN/ /EFhkVPdHVN/ # Reference: https://twitter.com/Cryptolaemus1/status/1467888926992084992 # Reference: https://twitter.com/Max_Mal_/status/1467935616822394887 dekasitkimya.com/kugh7ig/zNminx5GIx5aHQAunoeLgE/ developmentconsulting.world/4717/R0KjWCh8R3pWoeca4Ky/ mex035.com/8/N5zALqqTmfLxaMH9DstNI/ /kugh7ig/zNminx5GIx5aHQAunoeLgE/ /N5zALqqTmfLxaMH9DstNI/ /R0KjWCh8R3pWoeca4Ky/ /zNminx5GIx5aHQAunoeLgE/ # Reference: https://twitter.com/sugimu_sec/status/1468897544017440770 # Reference: https://www.virustotal.com/gui/file/6d0e2ef17ee4494c3a233bc3c6956dca7d8afb10af26a4ef11ffca256b3d8e39/detection # Reference: https://paste.cryptolaemus.com/emotet/2019/04/25/emotet-malware-IoCs_04-25-19.html http://173.73.87.96 198.58.114.91:4143 198.58.114.91:8080 213.136.86.219:7080 aadityaindiawordpress.000webhostapp.com adel-abbas.000webhostapp.com alokdastk.000webhostapp.com alwardani2022.000webhostapp.com animevn-hd.000webhostapp.com awasayblog.000webhostapp.com chiyababu.000webhostapp.com cinehousehd.000webhostapp.com csm-team.000webhostapp.com dac-website.000webhostapp.com dchkoidze97.000webhostapp.com despreasigurari.000webhostapp.com englishwithantony.000webhostapp.com halalonlines.000webhostapp.com info-checkus.000webhostapp.com ketsawi.000webhostapp.com lojaverbovivo.000webhostapp.com municieneguillagobpe.000webhostapp.com negocios-e-financas.000webhostapp.com newgmp.000webhostapp.com rapolaswordpress.000webhostapp.com recycle-teak.000webhostapp.com slmssdc.000webhostapp.com thunkablemain.000webhostapp.com vapercrewslp.000webhostapp.com zahidahmedtk.000webhostapp.com # Reference: https://twitter.com/Doka__7/status/1468539339328172035 chihabidine.com hyperz.top modamooo.com monorailegypt.com pilotscience.com rjmtel.com # Reference: https://twitter.com/Doka__7/status/1468580167115325442 editdictionary.com gzesa.net snkre.com # Reference: https://www.virustotal.com/gui/file/17da33f0643e6883c3c501df12c5709981e78c87a27f778a1ae32654d6e87680/detection 
116.124.128.206:8080 209.239.112.82:8080 englishteachersacademy.com mallzman.com nafasfitness.com hustlesingleqa.wpmudev.host rawlogic.flywheelsites.com/wp-content/eUi0BHnETplWn/ /wp-content/eUi0BHnETplWn/ /ctuzbhg7/ /eUi0BHnETplWn/ /mwwJO5ZO1bAxIhDuZtsNA/ # Reference: https://tria.ge/211209-whze2aeedl 172.104.227.98:443 192.254.71.210:443 31.207.89.74:8080 45.118.115.99:8080 # Reference: https://tria.ge/211209-t9dljaebcq/behavioral2 104.131.62.48:8080 128.199.192.135:8080 159.69.237.188:443 185.148.168.15:8080 185.148.168.220:8080 190.90.233.66:443 210.57.209.142:8080 217.182.143.207:443 62.171.178.147:8080 # Reference: https://twitter.com/Max_Mal_/status/1470886072208998411 1.234.65.61:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1473736473744707587 angel.bk.idv.tw/web_images/vB5Enm5Ciwr8/ catholicroundup.com/wp-content/gF1nMkOSsT0Jq/ econews.site/content/pages/IxolPreOkVGdbI9OX/wNu12HviTj/ schedu.teicrete.gr/moodle/report/trainingsessions/xdxd3JtJs4qRKlVX/ sssilkplaster.in/argyrose/Jr8H2ybRNlh5Y/ # Reference: https://tria.ge/211222-xd8nksgfcq http://87.251.86.178 45.15.23.184:443 162.214.50.39:7080 173.212.193.249:8080 54.37.212.235:80 # Reference: https://twitter.com/malware_traffic/status/1474086707431718922 dcboysofleather.org/wp-admin/aaPJVQxLq9xL7LtEqSBNPasaVLd/ fit4allabilities.wpsupport.urdemo.website/wp-content/KLZjo6Wr3uWaP90/ # Reference: https://twitter.com/malware_traffic/status/1474087109367455744 oravabrewing.co/m4icfr/g0qN0Xb/ # Reference: https://twitter.com/malware_traffic/status/1474089273779310592 beta4.chodoixe.com/wp-content/6ODSX2UojWGrrl/ careeradvicebase.com/wp-includes/uTiCkdD0z08bAMKBrEUQa7gG3xgIp/ # Reference: https://twitter.com/malware_traffic/status/1474093461577994256 depre_dev2.originalprecatorios.com.br/wp-includes/IPJdsPt0TtZdleolsmOE2jSuC/ gallery.turkerozyigit.com/wp-admin/eK8jm2sNnk2/ # Reference: https://twitter.com/VirITeXplorer/status/1474325193539698715 automoto.in.ua/twp8yxk/P82p0AnVSHUU/
conseilprefectoralagadir.ma/ooo/dGhjdeED8L5FjMnuBR/ mgah.flywheelsites.com/images/D7npwK0aI/ oravabrewing.com/m4icfr/g0qN0Xb/ qhyqp.com/wp-admin/6Yiyd8RXexIaEiJTuF/ sovip86.com/get/YOloy/ v4switch.com/packet/1CzImIRIThmzl/ # Reference: https://twitter.com/Max_Mal_/status/1474141632727502848 104.168.155.129:8080 # Reference: https://www.virustotal.com/gui/file/baf599abab1d6969e1ba455f83375cbc9643bbe5049189729d3ce60be08e4a58/detection your-info-services.xyz /?user_auth=newpb1_1 /?user_auth=newpb1_2 /?user_auth=newpb1_3 /?user_auth=newpb1_4 /?user_auth=newpb1_5 /?user_auth=newpb1_6 /?user_auth=newpb1_7 /?user_auth=newpb1_8 /?user_auth=newpb1_9 # Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html (Win.Dropper.Emotet-9904032-0) fcvyvvbtdcswh.com kntkuamkkrwaknrusx.com mwqgwqcbllxhchd.com rmprupuvboixif.com # Reference: https://twitter.com/VirITeXplorer/status/1480849306680758272 o2omart.co.in/infructuose/vlkIcu2LQ0/ gaidov.bg/wp-includes/Ug/ studiokrishnaproduction.com/wp-includes/3mJ/ goodmarketinggroup.com/live_site/Y9cEk9QNlDUeg/ /infructuose/vlkIcu2LQ0/ /live_site/Y9cEk9QNlDUeg/ # Reference: https://twitter.com/pr0xylife/status/1480850321077383170 djokoproperties.com/w0fxf/D99XJ7gfsYlFF/ /w0fxf/D99XJ7gfsYlFF/ /w0fxf/ /D99XJ7gfsYlFF/ # Reference: https://twitter.com/Max_Mal_/status/1480859613885050882 shopnhap.com/highbinder/nnYko9FDNJ/ txingame.com/wp-content/PwKfVQfdhHbAv2j/ wordpressdes.vanzolini-gte.org.br/fundacaotelefonica.org.br/gAbC4QpJYI/ /gAbC4QpJYI/ /nnYko9FDNJ/ /PwKfVQfdhHbAv2j/ # Reference: https://twitter.com/Max_Mal_/status/1480865116853833730 # Reference: https://www.virustotal.com/gui/file/ea6124225b5b6730fe6559a491eea029863a3b092d174a3aea9010e8b213f32c/detection 131.100.24.231:80 # Reference: https://twitter.com/pr0xylife/status/1480853452209238018 # Reference: https://pastebin.com/N565gG3i 131.100.24.231:80 178.63.25.185:443 209.59.138.75:7080 45.176.232.124:443 58.227.42.236:80 79.172.212.216:8080 # Reference:
https://twitter.com/pr0xylife/status/1480905083353247749 changeholon.co.il/assets/zqAcz5s31t9/ /assets/zqAcz5s31t9/ /zqAcz5s31t9/ # Reference: https://twitter.com/pr0xylife/status/1481216595703869441 kauffmancreates.com/images/G8050LVq/ sanagrafix.com/udll/fki4w1vFApT4Rwjp1R/ unifiedpharma.com/wp-admin/ildi5K2aTIrdvEobQ/ /fki4w1vFApT4Rwjp1R/ /G8050LVq/ /ildi5K2aTIrdvEobQ/ # Reference: https://twitter.com/pr0xylife/status/1481254831222317065 be-pu.com/4.hana/Y1XWpb1zWMRD/ bestwifirouterreview.xyz/wp-includes/css/uyC/ cloudlucky.xyz/hjxe/XIGH-067296/ glendbank.com/wp-admin/0660433/ josephinebaba.com/licenses/7Doxdg/ sincoherenmachine.com/wp-content/15249437_8957791/ /7Doxdg/ /XIGH-067296/ /Y1XWpb1zWMRD/ # Reference: https://twitter.com/pr0xylife/status/1481270464156680196 easybuy22.xyz/wp-includes/css/zdFH32O6JV6lk3/ esicafirearms.com/default_page_static_resources/276430515036976/ insertcatherreview.xyz/wp-includes/o23k5ted/ mewb.org/wp-admin/2fcpQyzanzkiO1/ /css/zdFH32O6JV6lk3/ /wp-admin/2fcpQyzanzkiO1/ /wp-includes/o23k5ted/ /o23k5ted/ /2fcpQyzanzkiO1/ /zdFH32O6JV6lk3/ # Reference: https://twitter.com/pr0xylife/status/1481280566309838852 dpmcompras.xyz ecoplastindia.in/obsqj8/867194_0/ online.libertyinvestmentbank.com/__MACOSX/2LbJ1s8tojqtw0/ vlogingcamerareview.xyz/wp-includes/nveHidp/ dpmcompras.xyz/wp-content/R28snV2ko7tgD7yuIVa/ /__MACOSX/2LbJ1s8tojqtw0/ /2LbJ1s8tojqtw0/ /wp-includes/nveHidp/ /wp-content/R28snV2ko7tgD7yuIVa/ /R28snV2ko7tgD7yuIVa/ # Reference: https://twitter.com/dms1899/status/1481372936237989888 yuanbinglun.com/www.yuanbinglun.com/7kKwqmxRWQK0OLi/ laserjetprintersreview.xyz/wp-includes/BJ6yUJ/ 2021.posadamision.com/wp-admin/IoqaL08/ /7kKwqmxRWQK0OLi/ /wp-includes/BJ6yUJ/ /wp-admin/IoqaL08/ # Reference: https://twitter.com/dms1899/status/1481372122530422789 # Reference: https://www.virustotal.com/gui/file/135ace077486200deffc6797336cc464b62f91268eef6e6cee687a8c6d792053/detection http://15.237.135.38 cakemixturereview.xyz wateringcanreview.xyz 
/dza9hr/kjt6/ /wp-includes/css/qky11a/ /wp-includes/U2ayYVCPRhWqERyw4/ # Reference: https://twitter.com/Cryptolaemus1/status/1481535459297837060 dichnghiatienganh.com/jvmqawn/BxWl97O8xLgnzr/ mindfulness-travels.com/wp/1bifhHeHUU8eAeRl/ recont.com/n8xbqb/5H86niA5y/ /jvmqawn/BxWl97O8xLgnzr/ /n8xbqb/5H86niA5y/ /wp/1bifhHeHUU8eAeRl/ /1bifhHeHUU8eAeRl/ /5H86niA5y/ /BxWl97O8xLgnzr/ /n8xbqb/ # Reference: https://twitter.com/Cryptolaemus1/status/1481535462430978052 govtjobresultbd.xyz/wp-content/9SFD/ josephinebaba.com/licenses/GEibxZ0fj/ yougandan.com/wp-content/6BDwcZOgnizqfDmDu/ /licenses/GEibxZ0fj/ /wp-content/6BDwcZOgnizqfDmDu/ /wp-content/9SFD/ /6BDwcZOgnizqfDmDu/ /9SFD/ /GEibxZ0fj/ # Reference: https://twitter.com/Cryptolaemus1/status/1481535460946100224 auto.lambolero.com/f1nygync/J18Keqh/ archives-program.com/lbx2/fq4/ easyfitcr.com/app/LskbLtWaI/ /app/LskbLtWaI/ /f1nygync/J18Keqh/ /lbx2/fq4/ /J18Keqh/ /LskbLtWaI/ # Reference: https://twitter.com/604Kuzushi/status/1481316181634027522 insertcatherreview.xyz/wp-includes/o23k5ted/ mewb.org/wp-admin/2fcpQyzanzkiO1/ tombola.olfactive.net/wp-content/51CTCGQESRVW_3/ /wp-admin/2fcpQyzanzkiO1/ /wp-content/51CTCGQESRVW_3/ /wp-includes/o23k5ted/ /2fcpQyzanzkiO1/ /51CTCGQESRVW_3/ /o23k5ted/ # Reference: https://www.virustotal.com/gui/file/1c3a246a7d0574bf5c8b3b16fde8880c6d8f109fd3b8b50b690068329c46c75a/detection myvanillastuffs.xyz cammis.com.br/wp-admin/8lArx/ condi-shop.ru/wp-includes/nWJ/ gosmartmoving.com/wp-content/3QC/ hanh.cz/blogs/XU/ ilfacomercial.cl/wp-includes/P/ /wp-content/3QC/ /wp-admin/8lArx/ /wp-includes/nWJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1481901199917989889 1566xueshe.com/wp-includes/b8YEFeMQpgnpX/ bisnescoway.com/wp-includes/g7Jh/g7Jh/ centrichotel.com/wp-admin/ZBVB66j/ chicagocloudgroup.com/wp-content/updraft/OKXV/ goldfinancenews.com/wp-includes/thCuZE5VAdTQ/ moversphiladelphia.org/cmsxml/9ByFSxP/ staging.mobettertech.com/assets/priWXQiXuU3JH/ 
therecyclingmachine.com/wp-admin/LzpOZSlkq90fYT1/ zhongmaifangwu.com/TEST777/3U4Un0u/ /TEST777/3U4Un0u/ /assets/priWXQiXuU3JH/ /cmsxml/9ByFSxP/ /wp-admin/LzpOZSlkq90fYT1/ /wp-admin/ZBVB66j/ /wp-content/updraft/ /wp-includes/b8YEFeMQpgnpX/ /wp-includes/g7Jh/ /wp-includes/thCuZE5VAdTQ/ /3U4Un0u/ /9ByFSxP/ /LzpOZSlkq90fYT1/ /ZBVB66j/ /b8YEFeMQpgnpX/ /g7Jh/ /priWXQiXuU3JH/ /thCuZE5VAdTQ/ /updraft/ # NOTE(review): the path-only trails /wp-content/updraft/ and /updraft/ above coincide with the default backup directory of the UpdraftPlus WordPress plugin, so they can match benign traffic; treat hits as low confidence unless the host also matches an entry in this list. # Reference: https://twitter.com/pr0xylife/status/1481915188081217539 astrologersandeepbhargav.com/wp-admin/FRwR9VH/ celhocortofilmfestival.stream/css/Naq/ shopnhap.com/highbinder/UedVfTHDf5Em40/ /highbinder/UedVfTHDf5Em40/ /wp-admin/FRwR9VH/ /FRwR9VH/ /UedVfTHDf5Em40/ # Reference: https://twitter.com/Artilllerie/status/1481651830861930512 # Reference: https://0paste.com/346078 45.138.98.34:80 69.16.218.101:8080 # Reference: https://twitter.com/pr0xylife/status/1481983690804797441 91xxxooo.com badmakeup.biz hordlepc.com/rootF0x-uyxab/YW8UUhCWN/ /3ez4GMS65Gk6Bgxd/ /hRG6d/ /rootF0x-uyxab/ /YW8UUhCWN/ /dhl/3ez4GMS65Gk6Bgxd/ /get/hRG6d/ /rootF0x-uyxab/YW8UUhCWN/ # Reference: https://twitter.com/Max_Mal_/status/1482156865932910592 monorailegypt.com/wp-admin/6uBf9CCfZRMh/ wordpress.baishuweb.com/wp-includes/10q0ice6/ mail.emilyanncain.com/cgi-bin/A7NT3ENvn/ /cgi-bin/A7NT3ENvn/ /wp-admin/6uBf9CCfZRMh/ /wp-includes/10q0ice6/ /10q0ice6/ /6uBf9CCfZRMh/ /A7NT3ENvn/ # Reference: https://twitter.com/pr0xylife/status/1482309044274663425 crownpacificpartners.com/guglio/Rt4el/ govtjobresultbd.xyz/sjjz/UIUhOHsLqjOy9/ meca-global.com/wp-admin/LJF_053824/ nbp-c.com/ya/O0BO5vb3z1MkWcDOqV2/ ostadsarma.com/wp-admin/JNgASjNC/ rjmtel.com/wp-content/bYAiTvGo635qKITG6/ solr.yakari.id/wp-content/UM-56567/ thesensescollection.com/wp-admin/nmpk_799/ zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/ /guglio/Rt4el/ /packet/AlvJ8OdtSYEeeCQP/ /sjjz/UIUhOHsLqjOy9/ /wp-admin/JNgASjNC/ /wp-admin/LJF_053824/ /wp-admin/nmpk_799/ /wp-content/UM-56567/ /wp-content/bYAiTvGo635qKITG6/ /ya/O0BO5vb3z1MkWcDOqV2/
/AlvJ8OdtSYEeeCQP/ /JNgASjNC/ /LJF_053824/ /O0BO5vb3z1MkWcDOqV2/ /UIUhOHsLqjOy9/ /UM-56567/ /bYAiTvGo635qKITG6/ /nmpk_799/ # Reference: https://www.virustotal.com/gui/file/7d37b6d909b0564605a92781d24f6a2da662b176d749562497aef5ee173c01f8/detection kobo.nhanhwebvn.com/wp-admin/Cy4bJWG2PW/ /wp-admin/Cy4bJWG2PW/ /Cy4bJWG2PW/ # Reference: https://twitter.com/pr0xylife/status/1483008490511736834 shop.lambolero.com/iiwkjgp/eu7rH6/ api.task-lite.com/-/EYe3DEfcw7LCaU6T/ celhocortofilmfestival.stream/css/oQSBr44obE/ /-/EYe3DEfcw7LCaU6T/ /css/oQSBr44obE/ /iiwkjgp/eu7rH6/ /EYe3DEfcw7LCaU6T/ /oQSBr44obE/ /iiwkjgp/ /eu7rH6/ # Reference: https://twitter.com/pr0xylife/status/1483022867499470853 avionxpress.com/lp/T9b1Bga4FdDfP5HI/ kihonhair.com.br/wp-admin/images/943564_752108/ /lp/T9b1Bga4FdDfP5HI/ /T9b1Bga4FdDfP5HI/ # Reference: https://twitter.com/1ZRR4H/status/1483180060450635776 # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-01-17_Emotet_MaldocURLs http://3.144.77.67 3demon.biz/2fh0g/24630_55/ 3demon.biz/2fh0g/5630UOCU_099413/ 3demon.biz/2fh0g/AYHQB_079741/ 5buckshop.ml/wp-includes/2064_90932/ 5buckshop.ml/wp-includes/614283746323/ 5buckshop.ml/wp-includes/6373959IGARUNW_9493/ 5gtodo.com/content/IMI_737/ abigaillagus.com/wp-includes/844645682_3352/ accounting-programss.com/ghcvf/775077-420744/ admin.sattaking-real.com/globals/207819679933/ admin.sattaking-real.com/globals/K-224158/ adnl.com.mx/manutenzione/NGJWW_3714/ agdm.ml/wp-admin/L-67525/ aimeos.softuvo.xyz/packages/57_3089588/ alignerpliers.com/er1lrd/792TWAHUC_29/ alignerpliers.com/er1lrd/CSUM73/ ammoments.com/NSTIFestival/V-71552/ angel.bk.idv.tw/web_images/195873537396/ api.task-lite.com/-/922537-926678/ api.task-lite.com/-/HN-43701046/ apidev.sunworld.vn/routes/74203485_772506804/80736153-93/ apple-service93.ru/wp-includes/FJG_722210631/ ariesnetwork.co.uk/cgi-bin/N_343276561/ asolmart.com/wp-includes/6wo63l/ auto.lambolero.com/f1nygync/065138_50/ autoemail.zpesport.com/static/489568890680/ 
autoemail.zpesport.com/static/FUc25542/ automoto.in.ua/twp8yxk/8601057-6361/ avayesanat.ir/wp-admin/054607806_6357300/ avayesanat.ir/wp-admin/7029123-7525319/ avayesanat.ir/wp-admin/LGR_7686086/ avionxpress.com/lp/248437057060/ behaviouralworkshop.com/msuvpkl/39078592_0049563/ bisnesservis-fk.ru/phalangist/63841_8110773/ bisnesservis-fk.ru/phalangist/9711415307552/ blakeriot.com/z38nil9/6396150382138/ blakeriot.com/z38nil9/GVC98/ blog.stetgzs.cn/wp-content/6580156_924590/ bloom-here.org/wp-content/03152002RDFHV_3669/ bloom-here.org/wp-content/045566VCUOWKGLUV82023/ bloom-here.org/wp-content/OC_366/ boardingschoolsoftware.com/Vineet_Backup/78765051_2/ bricolambert.com/wp-admin/6019OQXHOG-341528/ bricolambert.com/wp-admin/75748004872301/ bricolambert.com/wp-admin/8716_84622/ buildotech.com/hijy/11PLKCJMED_49806929/ canadacannabis.live/wp-includes/Y-76388385/ casinoc.ru/akt34/076tkZZDP/9334328-1553827/ casinoc.ru/akt34/WLL83/ casinoc.ru/akt34/wzq-883/ castlenkings.com/wp-includes/CFpH_1214/ celhocortofilmfestival.stream/css/FYLRQ-350/ centralcdmx.gq/wp-admin/53442142_1285745/ challenge.capelle-fotografeert.nl/img/19691-6/ challenge.capelle-fotografeert.nl/img/6103876685/ challenge.capelle-fotografeert.nl/img/80806385236188/ charmsukh.vip/wp-includes/certificates/g_33941/ charmsukh.vip/wp-includes/certificates/hdyi_0444371/ child.dental/wp-content/44353536_6/ child.dental/wp-content/JNXQ6450922/ chiukim.com/1nshiol/5260_22/ chiukim.com/1nshiol/C_1588076/ cisjamaica.com/0av60391igppygl/3895457072777837/ cisjamaica.com/0av60391igppygl/PODML-05/ computec-zim.com.mx/llyy5br/08368396RLOLADW-2330/ computec-zim.com.mx/llyy5br/WX_927/ computec-zim.com.mx/llyy5br/ajgmj_03273682/ comsatnet.com/ComsatNet/0804401-830313/ comsatnet.com/ComsatNet/1900_35398/ cursossemana.com/wp-content/62091_374/ demo.avionxpress.com/rbud/PE-29121/ demo.avionxpress.com/rbud/qrkff_26636/ demo.birgeek.ir/dist/29111648WXNCTLG_8/ demo.birgeek.ir/dist/64533236-39263855/ 
demo.birgeek.ir/dist/920263369_34093/ demo.nhabe360.com/3/oacaiw_680152/ denunciator.dimenxion.es/wp-admin/22_4/ denunciator.dimenxion.es/wp-admin/73919/ denunciator.dimenxion.es/wp-admin/hB_06379/ deti.czsv.dp.ua/wp/179GJUWBWV-9360/ dev.sonicartoriginals.com/wp-content/3085594/ dev.sonicartoriginals.com/wp-content/95349859CXW_09/ divinaprovidenciaautlan.com/wp-content/YWTCJ-4/ divinaprovidenciaautlan.com/wp-content/ieg84/ donate.lambolero.com/-/CXTHQ_27775/ donate.lambolero.com/-/TXI_526114/ dukaree.com/wp-includes/6711444_861021/ dukaree.com/wp-includes/ore_49089/ eaton.edu.my/pki-validation/934144_669980/ efaxbox4document.crepsad.tg/qdu4o/558727461969/ efaxbox4document.crepsad.tg/qdu4o/B_337328/ elearning.physiotraining.com.gt/6xtdv/E_024/ elearning.physiotraining.com.gt/AAQ/3990682_65635580/ elearning.physiotraining.com.gt/AAQ/PGE_08517721/ encuentroagromatrisoja.com/cgi-bin/IGRYv61/ encuentroagromatrisoja.com/cgi-bin/TQ17769450/ erizo.webarrive.com/cgi-bin/N5611/ esakip.dev.semarangkab.go.id/application/131102GFWZOPN4344/ esakip.dev.semarangkab.go.id/application/m_786948/ evaluecrm.com/wp-content/5653QNW_4235308/ evaluecrm.com/wp-content/70543625/ expansion.co.uk/cyr2latl/391_250588263/ fitrahhanniah.sch.id/p2db.fitrahhanniah.sch.id/6111/ fitrahhanniah.sch.id/p2db.fitrahhanniah.sch.id/PR-8897/ fortcomfurniture.com/wp-content/TZXK-02153690/ freereadmanga.com/temp/9625-70165/ freereadmanga.com/temp/SLRH805/ freereadmanga.com/temp/VQ-093818/ fromtofor.ca/redetermination/213924_7182/ fromtofor.ca/redetermination/52362675-8225473/ fromtofor.ca/redetermination/NBF64/ fse.in.ua/layouts/iniryg_378/ geetanjaliconstructions.com/gallery_js/XR_931922/ getbetadeal.com.ng/jr/557376791_63/ getbetadeal.com.ng/jr/SMS-97632765/ getbetadeal.com.ng/jr/fco9481/ glendbank.com/wp-admin/0660433/ glendbank.com/wp-admin/Z97/ graniteprint.co.uk/derivedness/569392-2976/ graniteprint.co.uk/derivedness/JIN_8864/ graniteprint.co.uk/derivedness/rjptc_24531/ 
greatmagazinesgift.co.uk/quo-officiis/Ue15238965/ guardagfq.xyz/wp-content/2679577_8/ guardagfq.xyz/wp-content/HOA_030163/ gzesa.net/wp-includes/ID3/OJ51/ gzndfit.com/520/72171-019/ hammerpzjx.xyz/qatta/596FVEZHHXZZY_9/ hammerpzjx.xyz/qatta/P_222863/ hbaa.law/wp/30136_0/ hbaa.law/wp/SM42099/ hbaa.law/wp/szremm-05/ humvegetarian.w3.eyeteam.vn/themes/1466882965486/ humvegetarian.w3.eyeteam.vn/themes/BBXY_5410/ hz1.xhjmmm.com/fz/LNSHA31102/ hz1.xhjmmm.com/fz/NRU_22/ ikomfort.hk/box/czr-16786/ infomakers.com.br/wp-includes/1091593-843835/ infomakers.com.br/wp-includes/15426038862272/ infomakers.com.br/wp-includes/q7573185/ kamac.com.br/wp-content/222335655_4377/ kamac.com.br/wp-content/7888490_488098/ kangharu.id/Docker/042144_138028038/ kangharu.id/Docker/49134348NXDEO-393072/ kangharu.id/Docker/H-599688/ karnalbreakingnews.com/wp-includes/QHALW-12/ karnalbreakingnews.com/wp-includes/jsfprwo9/ khbd.41319.top/e/6013413413915668/ khbd.41319.top/e/toggifq-1122/ kihonhair.com.br/wp-admin/images/1373443030/ kihonhair.com.br/wp-admin/images/856KICQJ_3528/ kihonhair.com.br/wp-admin/images/943564_752108/ kopalpublicschool.com/js/4671138-2142871/ landing.serv-il.co.il/kd/5363_9266/ landing.serv-il.co.il/kd/61692-80465990/ landing.serv-il.co.il/kd/TMG-42405640/ leadphysio.com/wp-content/plugins/dwe/P_31/ learning.fawe.org/wp-content/210322476-34286/ mebli-land.com/g17ch6vk/15LVID_41625495/ meca-global.com/wp-admin/LJF_053824/ meca-global.com/wp-admin/NA_368/ meca-global.com/wp-admin/Pp_180787/ meca.global/wp-admin/0904XOYQQCP_283853/ meca.global/wp-admin/CEGR_030275314/ meca.global/wp-admin/e_9/ medicinskaskolaberane.edu.me/wp-content/SG-68041023/ meltatours.co.za/6982LPXYTQEINP-6448/ meltatours.co.za/AQ35/ mex035.com/8/9307883_616563/ mex035.com/8/XXQ77161/ milhojas.is/wp-admin/834600889_482/ milhojas.is/wp-admin/BF67602/ milhojas.is/wp-admin/J_2667/ monosun.net/wp-includes/77593230-025420/ motocarbrasil.org/segundavia/5923538_98/ motocarbrasil.org/segundavia/MBG_0577/ 
mtc.joburg.org.za/-/5259-337/ mtc.joburg.org.za/-/9153684_12245/ mtc.joburg.org.za/-/FJ_982/ mymicrogreen.mightcode.com/pub/O-60037/ nattawut-gamefowl.com/wp-admin/39919-49912177/ ngoxrana.uz/wp-content/4125691_36232/ ngoxrana.uz/wp-content/627125_3762/ notesculture.com/wp-includes/711821379-472/ o2omart.co.in/infructuose/L_41153/ old.liceum9.ru/images/076277JLMQAVJ_9309/ old.liceum9.ru/images/159_23/ old.liceum9.ru/images/jcqrej-12499525/ onebet.co.ug/wp-content/243269MQMOA_50/ opornik55.ru/wp-content/uploads/MQ_44207/ ordereasy.hk/error/0146-87417/ ordereasy.hk/error/tyj_755240/ ozvita.club/wp-includes/kpmlgj_715340/ padhehindime.com/wp-admin/1933AJLB08/ padhehindime.com/wp-admin/MD-029/ padsea.cn/unmisgivingly/567895NGRJ-551395/ padsea.cn/unmisgivingly/621_480/ padsea.cn/unmisgivingly/URL-589/ panel.betfredtakeaway.com/awJPDGElQ/6687936_039389064/ pasionportufuturo.pe/wp-content/04629089_837/ pasionportufuturo.pe/wp-content/Qlwvq_344/ pedagogicobilingue.edu.pe/wp-content/1123973/ pedagogicobilingue.edu.pe/wp-content/L_056695/ pedagogicobilingue.edu.pe/wp-content/N-702226/ phehellatech.demo9lec.co.za/yqckzi/89016144772/ portocenterhotel.com.br/lem/386439354_5027654/ portocenterhotel.com.br/lem/80830-57276/ project4.monster-online.com/wzjmkm/42471635/ project4.monster-online.com/wzjmkm/67FFIUGDAEXK-93278/ project4.monster-online.com/wzjmkm/mew-67260/ project7.monster-online.com/images/966801862_45/ ptmanishsharma.site/d2os/V-8/ ronakdaru.com/wp-admin/waWz02165/ ruperhatcosmetics.xyz/wp-content/85114948XTPPLGDYEO_679/ ruperhatcosmetics.xyz/wp-content/rsv_2608531/ samritz1.atpvitaltesting.com/vg5c/9545_345/ samritz1.atpvitaltesting.com/vg5c/965_8044/ share.ogivart.us/mailv/103721773_61088/ share.ogivart.us/mailv/1728717/ share.ogivart.us/mailv/ZNXIF_98705/ shop.lambolero.com/iiwkjgp/jqzixzn_96581/ shop.lambolero.com/iiwkjgp/tfri_9419/ simunyepoolservices.demo9lec.co.za/70omzs/rr6eY1LlKxiJpRkyXb/ singsamut.ac.th/4uvmw/11909163/ site.aau.edu.et/pigeonholer/413594844/ 
site.aau.edu.et/pigeonholer/5755_795/ site.aau.edu.et/wp-admin/QSIM-68900/ smarthealthcare.pk/a/105953-666/ softisans.com/admin/5070379LOCUHHA657/ sp.mongoso.com/wp-content/98884121389541/ sp.mongoso.com/wp-content/edapxn_3379/ stermygh.com/wp-admin/107703_95/ stermygh.com/wp-admin/130680_0/ t.tops.video/t/29882-804/ t.tops.video/t/HPlA9064/ t.tops.video/t/HQRUS_21172563/ te.pppleohhh.xyz/test/81_53507/ te.pppleohhh.xyz/test/92838080-43105207/ test.la-boticaria.com/wp-content/07362190-8288592/ testmp.dune.ru/wp-content/021930_85/ testmp.dune.ru/wp-content/3347246-493/ testmp.dune.ru/wp-content/36833322550/ testmp.dune.ru/wp-content/45477300-62539359/ torshshop.ir/wp-admin/08672110078/ torshshop.ir/wp-admin/1387159-468999142/ torshshop.ir/wp-admin/IP-702709021/ towardsun.net/admin/68955_80/ trade-agro.top/e/QXSY-740/ tradefactweb.azurewebsites.net/calendar/66466422_13/ tradefactweb.azurewebsites.net/calendar/749086_5815972/ trippytours.in/tx7p6/67632814_7/ txingame.com/wp-content/91936257-2659962/ vintres.com.br/wp-includes/55130687688/ virtual.tecnologicojuanjui.edu.pe/availability/g-34520/ vnamazon.vn/genethliacs/4278747845393/ vnamazon.vn/genethliacs/QKVC_688310/ vulkanvegasbonus.jeunete.com/wp-content/066279614_229/ wearsweetbomb.com/wp-content/1LtVz8y0f7CuWwH58M8tb8/99328410_88/ wearsweetbomb.com/wp-content/46607746EWOD9/ womenonwheelsmtb.demo9lec.co.za/cnegwgkr/SEfJs-0152/ xn--vysx78fh5q.tw/51094_192/ yougandan.com/wp-content/uz_415/ znzhou.top/wp-admin/TXSH-9651347/ /ew/35106368971278/ /-/5259-337/ /-/9153684_12245/ /-/922537-926678/ /-/CXTHQ_27775/ /-/FJ_982/ /-/HN-43701046/ /-/TXI_526114/ /0av60391igppygl/3895457072777837/ /0av60391igppygl/PODML-05/ /1nshiol/5260_22/ /1nshiol/C_1588076/ /2fh0g/24630_55/ /2fh0g/5630UOCU_099413/ /2fh0g/AYHQB_079741/ /3/oacaiw_680152/ /4uvmw/11909163/ /51094_192/ /520/72171-019/ /6982LPXYTQEINP-6448// /6xtdv/E_024/ /70omzs/rr6eY1LlKxiJpRkyXb/ /8/9307883_616563/ /8/XXQ77161/ /a/105953-666/ /AAQ/3990682_65635580/ 
/AAQ/PGE_08517721/ /admin/5070379LOCUHHA657/ /admin/68955_80/ /akt34/076tkZZDP/ /akt34/WLL83/ /akt34/wzq-883/ /application/131102GFWZOPN4344/ /application/m_786948/ /AQ35// /availability/g-34520/ /awJPDGElQ/6687936_039389064/ /box/czr-16786/ /calendar/66466422_13/ /calendar/749086_5815972/ /cgi-bin/IGRYv61/ /cgi-bin/N5611/ /cgi-bin/N_343276561/ /cgi-bin/TQ17769450/ /cnegwgkr/SEfJs-0152/ /ComsatNet/0804401-830313/ /ComsatNet/1900_35398/ /content/IMI_737/ /css/FYLRQ-350/ /cyr2latl/391_250588263/ /d2os/V-8/ /derivedness/569392-2976/ /derivedness/JIN_8864/ /derivedness/rjptc_24531/ /dist/29111648WXNCTLG_8/ /dist/64533236-39263855/ /dist/920263369_34093/ /Docker/042144_138028038/ /Docker/49134348NXDEO-393072/ /Docker/H-599688/ /e/6013413413915668/ /e/QXSY-740/ /e/toggifq-1122/ /er1lrd/792TWAHUC_29/ /er1lrd/CSUM73/ /error/0146-87417/ /error/tyj_755240/ /f1nygync/065138_50/ /fz/LNSHA31102/ /fz/NRU_22/ /g17ch6vk/15LVID_41625495/ /gallery_js/XR_931922/ /genethliacs/4278747845393/ /genethliacs/QKVC_688310/ /ghcvf/775077-420744/ /globals/207819679933/ /globals/K-224158/ /hijy/11PLKCJMED_49806929/ /iiwkjgp/jqzixzn_96581/ /iiwkjgp/tfri_9419/ /images/076277JLMQAVJ_9309/ /images/159_23/ /images/966801862_45/ /images/jcqrej-12499525/ /img/19691-6/ /img/6103876685/ /img/80806385236188/ /infructuose/L_41153/ /jr/557376791_63/ /jr/fco9481/ /jr/SMS-97632765/ /js/4671138-2142871/ /kd/5363_9266/ /kd/61692-80465990/ /kd/TMG-42405640/ /layouts/iniryg_378/ /lem/386439354_5027654/ /lem/80830-57276/ /llyy5br/08368396RLOLADW-2330/ /llyy5br/ajgmj_03273682/ /llyy5br/WX_927/ /lp/248437057060/ /mailv/103721773_61088/ /mailv/1728717/ /mailv/ZNXIF_98705/ /manutenzione/NGJWW_3714/ /msuvpkl/39078592_0049563/ /NSTIFestival/V-71552/ /p2db.fitrahhanniah.sch.id/6111/ /p2db.fitrahhanniah.sch.id/PR-8897/ /packages/57_3089588/ /phalangist/63841_8110773/ /phalangist/9711415307552/ /pigeonholer/413594844/ /pigeonholer/5755_795/ /pki-validation/934144_669980/ /pub/O-60037/ /qatta/596FVEZHHXZZY_9/ 
/qatta/P_222863/ /qdu4o/558727461969/ /qdu4o/B_337328/ /quo-officiis/Ue15238965/ /rbud/PE-29121/ /rbud/qrkff_26636/ /redetermination/213924_7182/ /redetermination/52362675-8225473/ /redetermination/NBF64/ /routes/74203485_772506804/ /segundavia/5923538_98/ /segundavia/MBG_0577/ /static/489568890680/ /static/FUc25542/ /t/29882-804/ /t/HPlA9064/ /t/HQRUS_21172563/ /temp/9625-70165/ /temp/SLRH805/ /temp/VQ-093818/ /test/81_53507/ /test/92838080-43105207/ /themes/1466882965486/ /themes/BBXY_5410/ /twp8yxk/8601057-6361/ /tx7p6/67632814_7/ /unmisgivingly/567895NGRJ-551395/ /unmisgivingly/621_480/ /unmisgivingly/URL-589/ /vg5c/9545_345/ /vg5c/965_8044/ /Vineet_Backup/78765051_2/ /web_images/195873537396/ /wp-admin/054607806_6357300/ /wp-admin/0660433/ /wp-admin/08672110078/ /wp-admin/0904XOYQQCP_283853/ /wp-admin/107703_95/ /wp-admin/130680_0/ /wp-admin/1387159-468999142/ /wp-admin/1933AJLB08/ /wp-admin/22_4/ /wp-admin/39919-49912177/ /wp-admin/53442142_1285745/ /wp-admin/6019OQXHOG-341528/ /wp-admin/7029123-7525319/ /wp-admin/73919/ /wp-admin/75748004872301/ /wp-admin/834600889_482/ /wp-admin/8716_84622/ /wp-admin/BF67602/ /wp-admin/CEGR_030275314/ /wp-admin/e_9/ /wp-admin/hB_06379/ /wp-admin/IP-702709021/ /wp-admin/J_2667/ /wp-admin/L-67525/ /wp-admin/LGR_7686086/ /wp-admin/LJF_053824/ /wp-admin/MD-029/ /wp-admin/NA_368/ /wp-admin/Pp_180787/ /wp-admin/QSIM-68900/ /wp-admin/TXSH-9651347/ /wp-admin/waWz02165/ /wp-admin/Z97/ /wp-content/021930_85/ /wp-content/03152002RDFHV_3669/ /wp-content/045566VCUOWKGLUV82023/ /wp-content/04629089_837/ /wp-content/066279614_229/ /wp-content/07362190-8288592/ /wp-content/1123973/ /wp-content/1LtVz8y0f7CuWwH58M8tb8/ /wp-content/210322476-34286/ /wp-content/222335655_4377/ /wp-content/243269MQMOA_50/ /wp-content/2679577_8/ /wp-content/3085594/ /wp-content/3347246-493/ /wp-content/36833322550/ /wp-content/4125691_36232/ /wp-content/44353536_6/ /wp-content/45477300-62539359/ /wp-content/46607746EWOD9/ /wp-content/5653QNW_4235308/ 
# NOTE(review): two of the bare path trails in this run, /wp-includes/certificates/ and /wp-includes/ID3/,
# are directories that ship with stock WordPress and, unlike their neighbours, have no random final segment.
# Without a host they identify no particular site, so a hit on either alone is low-confidence:
# corroborate it with a host-qualified or IP:port trail before escalating.
# TODO confirm whether these two were meant to be kept only in host-qualified form.
/wp-content/62091_374/ /wp-content/627125_3762/ /wp-content/6580156_924590/ /wp-content/70543625/ /wp-content/7888490_488098/ /wp-content/85114948XTPPLGDYEO_679/ /wp-content/91936257-2659962/ /wp-content/95349859CXW_09/ /wp-content/98884121389541/ /wp-content/edapxn_3379/ /wp-content/HOA_030163/ /wp-content/ieg84/ /wp-content/JNXQ6450922/ /wp-content/L_056695/ /wp-content/N-702226/ /wp-content/OC_366/ /wp-content/Qlwvq_344/ /wp-content/rsv_2608531/ /wp-content/SG-68041023/ /wp-content/TZXK-02153690/ /wp-content/uz_415/ /wp-content/YWTCJ-4/ /wp-includes/1091593-843835/ /wp-includes/15426038862272/ /wp-includes/2064_90932/ /wp-includes/55130687688/ /wp-includes/614283746323/ /wp-includes/6373959IGARUNW_9493/ /wp-includes/6711444_861021/ /wp-includes/6wo63l/ /wp-includes/711821379-472/ /wp-includes/77593230-025420/ /wp-includes/844645682_3352/ /wp-includes/certificates/ /wp-includes/CFpH_1214/ /wp-includes/FJG_722210631/ /wp-includes/ID3/ /wp-includes/jsfprwo9/ /wp-includes/kpmlgj_715340/ /wp-includes/ore_49089/ /wp-includes/q7573185/ /wp-includes/QHALW-12/ /wp-includes/Y-76388385/ /wp/179GJUWBWV-9360/ /wp/30136_0/ /wp/SM42099/ /wp/szremm-05/ /wzjmkm/42471635/ /wzjmkm/67FFIUGDAEXK-93278/ /wzjmkm/mew-67260/ /yqckzi/89016144772/ /z38nil9/6396150382138/ /z38nil9/GVC98/ # Reference: https://twitter.com/Max_Mal_/status/1483223283394916354 # Reference: https://www.virustotal.com/gui/file/4d8e2810328f7a442cb42a185f4377f8f14a121074116ac6073aca8d60a5b5de/detection http://193.42.36.245 144.217.88.125:443 mecaglobal.com/qxim/TlDTjlxYAdwU/ /qxim/TlDTjlxYAdwU/ /TlDTjlxYAdwU/ # Reference: https://twitter.com/pr0xylife/status/1483380330652487680 # Reference: https://www.joesandbox.com/analysis/554688/0/html http://185.7.214.7 2021.posadamision.com/wp-admin/gO7Qvfd1/ uber-ourtaxi.az/eha/2g4/ /wp-admin/gO7Qvfd1/ /gO7Qvfd1/ # Reference: https://www.virustotal.com/gui/file/0fe1b8af019c074d64290edeaa34e98153fbb5253a7786850aac447a0ef97c1f/detection http://92.255.85.234 
/LOGOGOGOGOX/gate.php /LOGOGOGOGOX/ # Reference: https://twitter.com/pr0xylife/status/1483388093931663363 plus-x.xsrv.jp/assets/oN0/ senior.tims.se/-/6s/ # Reference: https://twitter.com/pr0xylife/status/1483465871221833728 mail.agreatfurnitureplace.com/tibs/dVP6KA4UVKQvXOQj9IbyWDEodvgpmi/ /tibs/dVP6KA4UVKQvXOQj9IbyWDEodvgpmi/ /dVP6KA4UVKQvXOQj9IbyWDEodvgpmi/ # Reference: https://twitter.com/pr0xylife/status/1483481218192711685 tekbaz.com/assets/TLEgzl_04973/ /assets/TLEgzl_04973/ /TLEgzl_04973/ # Reference: https://twitter.com/pr0xylife/status/1483756704886145029 blog.incentivar.io/wp-admin/user/02_651977/ hot.valuemark.co.kr/-/928747-30/ mechvity.com/wp-admin-old/rU-26479181/ /-/928747-30/ /wp-admin-old/rU-26479181/ /wp-admin/user/02_651977/ # Reference: https://twitter.com/pr0xylife/status/1483735728421023745 http://92.255.57.195 9b-p.work/itdb/70OHUJJSFAHR29/ kastamonulezzetrehberi.com/cszc/rPJJUvdOz/ /cszc/rPJJUvdOz/ /itdb/70OHUJJSFAHR29/ /70OHUJJSFAHR29/ /rPJJUvdOz/ # Reference: https://twitter.com/pr0xylife/status/1483786823843422214 # Reference: https://twitter.com/pr0xylife/status/1483790907279396869 biorays.com.pk/-/954812233-1730/ okesitamari.sakura.ne.jp/PPC/V-18/ /-/954812233-1730/ /PPC/V-18/ # Reference: https://twitter.com/Max_Mal_/status/1483923458375434243 1.234.65.61:8080 114.79.130.68:443 159.65.163.220:443 198.27.67.35:8080 202.29.239.161:443 207.180.228.237:8081 62.141.45.103:443 # Reference: https://twitter.com/pr0xylife/status/1484098023160528897 new.maashantiskills.com/wp-admin/682_43/ quranthemepark.com/wp-content/OaIz2gBtm/ /wp-admin/682_43/ /wp-content/OaIz2gBtm/ # Reference: https://twitter.com/pr0xylife/status/1484124222289022976 benessere-consapevole.it/wp-admin/NPB1898801/ group.tims.se/4qj3vg/BB-64345/ jayambikadevelopers.com/jx8p/RYG-0/ leadrise.co/wp-includes/687669079_7470366/ /4qj3vg/BB-64345/ /jx8p/RYG-0/ /wp-admin/NPB1898801/ /wp-includes/687669079_7470366/ # Reference: https://twitter.com/pr0xylife/status/1484140551083544578 
prestashop01.aftershipdemo.com/tools/apvQh9nJWhX3nurFayA6pIiggRG/ /tools/apvQh9nJWhX3nurFayA6pIiggRG/ /apvQh9nJWhX3nurFayA6pIiggRG/ # Reference: https://twitter.com/pr0xylife/status/1484170278162812930 mta-sts.mx.theblindgardener.com/-/1907950-190347/ miruva.net/cgi-bin/4391707824422/ /-/1907950-190347/ /cgi-bin/4391707824422/ # Reference: https://twitter.com/pr0xylife/status/1484182099913412616 proveedoramedica.mx/wp-admin/GGa3ZVRRdxRoASc0aZ1CHwLbZmD/ /wp-admin/GGa3ZVRRdxRoASc0aZ1CHwLbZmD/ /GGa3ZVRRdxRoASc0aZ1CHwLbZmD/ # Reference: https://twitter.com/pr0xylife/status/1484188438836355072 megatrussglobal.co.id/q4avd/tjzbD/ /q4avd/tjzbD/ # Reference: https://twitter.com/pr0xylife/status/1484198744467939341 u89134p84288.web0129.zxcs-klant.nl/pi0k52/4108946-164835382/ /pi0k52/4108946-164835382/ # Reference: https://twitter.com/pr0xylife/status/1484217511486922756 meicoe.com/wp-admin/jQ5K/ /wp-admin/jQ5K/ # Reference: https://twitter.com/Max_Mal_/status/1484520272078200834 hindimedia.in/wp-content/uploads/iXntuGFqLE31oHsTk/ /iXntuGFqLE31oHsTk/ # Reference: https://twitter.com/pr0xylife/status/1484592163241730053 eggsupgrillfranchise.com/wp-content/Wp4robwtHZX0inA/ /wp-content/Wp4robwtHZX0inA/ /Wp4robwtHZX0inA/ # Reference: https://twitter.com/DmitriyMelikov/status/1485027546173485056 clearph.flywheelsites.com/Fox-C/keCDee8C2D9GGNyQ/ /Fox-C/keCDee8C2D9GGNyQ/ /keCDee8C2D9GGNyQ/ # Reference: https://twitter.com/pr0xylife/status/1485561795544817670 ss100feet.com/b/t681UHJz/ /b/t681UHJz/ /t681UHJz/ # Reference: https://twitter.com/tosscoinwitcher/status/1485719577447198720 journeypropertysolutions.com/cterq/KeG/ /cterq/KeG/ # Reference: https://twitter.com/tosscoinwitcher/status/1485764790144299008 id-tiara.com/well-known/hbPI8/ royallifeagroindia.com/Fox-C/7H/ /Fox-C/7H/ /well-known/hbPI8/ # Reference: https://twitter.com/Max_Mal_/status/1485745211842125824 162.243.175.63:443 80.211.3.13:8080 # Reference: https://twitter.com/pr0xylife/status/1485913389188661253 
crisbdev.com/wp-content/2dmXYgLVdkV/ dandtpremierhomes.com/eapn/lpN6dcAppn/ keluargamalaysia.bliblah.com/cgi-bin/FUzc3KOKN3DNeee/ pinnaclehomesusa.net/870xg9/pNp3a1iHCKaZwYEV/ pozhadvokat.com/images/QmZXA9kRUU8xZZF/ ppdbsma.insanrabbany.sch.id/gkvvb/sXVYo8HsPSFQh/ queens.renovatiog.ltd/wp-includes/LDH/ remedy.eventmasti.com/vendor/Y2XclYoCdDzSSua/ renovatiomarketing.com/renovatiomarketing.com/A/ rkeeperua.com/include/FXBsVAOd1U/ /870xg9/pNp3a1iHCKaZwYEV/ /cgi-bin/FUzc3KOKN3DNeee/ /eapn/lpN6dcAppn/ /gkvvb/sXVYo8HsPSFQh/ /images/QmZXA9kRUU8xZZF/ /include/FXBsVAOd1U/ /vendor/Y2XclYoCdDzSSua/ /wp-content/2dmXYgLVdkV/ /wp-includes/LDH/ /2dmXYgLVdkV/ /FUzc3KOKN3DNeee/ /FXBsVAOd1U/ /lpN6dcAppn/ /pNp3a1iHCKaZwYEV/ /QmZXA9kRUU8xZZF/ /sXVYo8HsPSFQh/ /Y2XclYoCdDzSSua/ # Reference: https://twitter.com/pr0xylife/status/1485961737186725889 tsuiterublog.com/-/l9YnV47ha/ /-/l9YnV47ha/ # Reference: https://twitter.com/pr0xylife/status/1486275859455561728 # Reference: https://twitter.com/pr0xylife/status/1486297619844550662 # Reference: https://pastebin.com/8pckk3Yc http://91.240.118.168 185.168.130.138:443 185.244.166.137:443 203.153.216.46:443 59.148.253.194:443 85.25.120.45:8080 unifiedpharma.com/wp-content/5arxM/ /wp-content/5arxM/ # Reference: https://twitter.com/pr0xylife/status/1486330580774096899 # Reference: https://pastebin.com/BmRcpvRs accessunited-bank.com/admin/hzIgVwq8btak/ artanddesign.one/wp-content/uploads/A2cZL7/ autodiscover.karlamejia.com/wp-admin/hcdnVlRIiwvTVrJjJEE/ connecticutsfinestmovers.com/Fox-C/mVwOqxT17gVWaE8E/ crmweb.info/bitrix/rc9XjtwF/ eleccom.shop/services/AEjSDj/ hotelamerpalace.com/Fox-C404/LEPqPJpt4Gbr8BHAn/ icfacn.com/runtime/n7qA2YStudp/ izocab.com/nashi-klienty/B5SC/ krezol-group.com/images/PmLGLKYeCBs5d/ ledcaopingdeng.com/wp-includes/Qq39yj7fpvk/ pigij.com/wp-admin/MVW5/ strawberry.kids-singer.net/assets_c/WAdvNT84Dmu/ unifiedpharma.com/wp-content/5arxM/ /Fox-C/mVwOqxT17gVWaE8E/ /Fox-C404/LEPqPJpt4Gbr8BHAn/ /admin/hzIgVwq8btak/ 
/assets_c/WAdvNT84Dmu/ /bitrix/rc9XjtwF/ /images/PmLGLKYeCBs5d/ /nashi-klienty/B5SC/ /runtime/n7qA2YStudp/ /services/AEjSDj/ /wp-admin/MVW5/ /wp-admin/hcdnVlRIiwvTVrJjJEE/ /wp-content/5arxM/ /wp-includes/Qq39yj7fpvk/ /5arxM/ /AEjSDj/ /LEPqPJpt4Gbr8BHAn/ /PmLGLKYeCBs5d/ /Qq39yj7fpvk/ /WAdvNT84Dmu/ /hcdnVlRIiwvTVrJjJEE/ /hzIgVwq8btak/ /mVwOqxT17gVWaE8E/ /n7qA2YStudp/ /rc9XjtwF/ # Reference: https://twitter.com/1ZRR4H/status/1486124169091764230 # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-01-25_Emotet_DownloadURLs http://47.244.189.73/well-known/FUk/ 1asehrgut.com/dup-installer/3vESrkJAS97l/ 23brickstreet.com/wp-content/aTIYB3QYHZt/ 247entertainment.com.ng/95p3tu4h/5590702_1274/ 3dinspection.demowork.com/WDISOFTWARE.COM/82298/ 9b-p.work/itdb/vC0S9E4XvEsWOUzHKBN3f0Oa/ a.easeth.work/assets/gWVDvw94/ acorngift.com/wp-content/YhNgI/ activelab.in/3bu04/JZ82197190/ agrawaljeweller.com/Fox-C404/5SeLz/ aimeos.softuvo.xyz/packages/fJFU3vLxRUrtA/ ajkersomaj.com/wp-admin/ThBwKpUbIffmrepRg/ allfurdogs.co.uk/wp-content/R1U2sJfwWdrdUjB/ alshamselectrodxb.com/wp-includes/BkJEMQZWgRGc2DCFcsCRt/ althyplane.com/wp-admin/ELWa8YcOqlJn/ amazonas.apiperu.net.pe/0rjb/AbwjpKtyXuT6hg3Qmws03SWB/ ancyh.xyz/Fox-C/LxAhgyO3fMg/ andamedya.net/images/jTDdjmag0X6cnUOZ5VUb/ animalkingdompro.com/wp-includes/dal5pzmAyo6zx2lRk1sdTGZOnJwED/ aoringo-web-creating.com/backup_1/R73800878/ apexsecure.co.uk/content/5wR/ api.task-lite.com/-/T3owojW5fwBduO6K/ apple-service93.ru/wp-includes/JNeOtB9da67l1NjAeEh5/ arcgakuin-dev2.sukoburu-secure.com/l35uhr/R1evmjjhga/ arqua.com.br/siteantigo/gYDoYUIWNgc8kTHDRY7dXlFjah3/ artncraft.uk/inflatable/rg2UWzOeIfuJoYYdVeTOSQ84ki/ ashamedicalsystem.com/1dgdm/942YLPAEMF-1800/ aurumtiles.in/wrydht5j/XpCeIk5IBAjrssqMVR/ avionxpress.com/lp/HyMifM/ bakedfusion.in/fmzm/OOZFzi2sR/ bandenmarkt.com/wp-content/HXN_79786/ bbw918.com/wordpress/5T74ZZzUhvWy4s3P5IrrWc/ behaviouralworkshop.com/msuvpkl/9qWc9TvYVwZ8XMRII3nEXYt0vzfj/ 
betablog.summertowndental.co.uk/i4x38z/0eH5CC82TXFnK/ bharathibookhouse.in/i870/DyzzViAvZ1k4Djhfp0fSs6XDz/ bimesarayenovin.ir/wp-admin/z464/ blasieholmen-staging.tokig.site/b/SOcGvzIi31HDg/ blog.aeromus.com/-/M_00/ blog.incentivar.io/wp-admin/user/ blog.loanvalley.in/b/dNXOaOWeWFUSgPTAGgnfWqHbWSsLHL/ blog.oo0oo.ml/wp-content/Y_4901983/ brightersevents.com/b/7948QcbkoEsvWXw20/ buildotech.com/hijy/WYHGC31/ buyluxurycard.com/wp-includes/BtgIhhz766h/ callao.apiperu.net.pe/assets/674489-72871/ cambridge-business.com/cambridge-business.com/Qm/ canvassea.com/qjxnz/wkpfvi9/ carmdaksh.org/Fox-C404/7l4siIWb771k0pTG/ carmdaksh.org/uignbip/YLTZ-82812903/ casinobetflix.work/wp-includes/aoItn4LAZOeLFrFLe3oTe6D/ cce.edu.in/admin/Z6RV47bMBr/ changeyourcommunitynow.com/s1hf7qm/TqcrwYcOiqV8fWA/ chiukim.com/1nshiol/iLIrpGeSGV/ chupahfashion.com/eh6bwxk/bowptl/ chuyenphatgiare.com/hs8p/900YXVA7951631/ cisjamaica.com/0av60391igppygl/1z1X71JLLaFEVLixpoa0VPHWT/ clatmagazine.com/p8wl/ZQIX_635174/ climate.thecedarcentre.org/cgi-bin/3eseeNZ/ colegiul-nenitescu-craiova.ro/wp-content/U8fhXoOvlBA/ comsatnet.com/ComsatNet/ydx_7693371/ connecticutsfinestmovers.com/Fox-C/r32O7xxv/ crisbdev.com/wp-content/2dmXYgLVdkV/ cursossemana.com/wp-content/hwPhjzWAObGEmQeJcdTXei/ cusco.apiperu.net.pe/assets/491521837-543255/ daisy.sukoburu-secure.com/assets/qrwbWpSM/ dandtpremierhomes.com/eapn/lpN6dcAppn/ delmarpropertyservices.com/nw1t8jj/NUrSuFyX6P/ demo.avionxpress.com/rbud/OarPTbpwW/ desertsafari.in/wp-includes/362-0857084/ digitalizemarketing.com.br/assets/4ufnr0wnClgtuYlRqhldS/ dijorge.com.br/wp-includes/ooxopS2V9FUS/ dinkovtips.ml/cgi-bin/sXvte2203SpdPZ/ do-cloclo.com/wp-admin/qj0lJaZOOsjYA2l/ dreamcityimprov.com/d5759pd/yzbV45v1nY/ dreamcityloveaffair.com/60bv5/RG9Kb1qRlQ/ dreamdancefactory.clnetworktv.com/zegsgpzq/CT75/ dreamproductionsfl.com/tmw8t/Szjjcj5mU1ZA/ dynmsol.com/wp-admin/k-8744534/ e-klimatherm.nl/wp-admin/SLo9dXmfhIXYnKktAQeK/ e.apiperu.pro/assets/V0QSHDCqgff5BGjWjkjqF/ 
e.zpesport.com/e.zpesport.com/VEC-5303/ ecoplastindia.in/Fox-C404/j3Ct9hkL8ab384G4iyTeVFsA/ ekamjewels.com/anklet/WQG1/ entradas.feriaautopartes.com/-/t9QkwV/ esakip.dev.semarangkab.go.id/application/Ai4/ fifa69.com/wp-content/cwozYw9/ firstfitschool.com/83wg6z/oUCHXJmm/ fomobaby.app/3kyd3/5t7USfWBs/ freereadmanga.com/temp/kWqpQne3uZc6n/ fse.in.ua/layouts/J_807/ gardeningfilm.com/wp-content/Ef/ gardinia.futuristic.agency/wp-admin/MWFnOC3Ajrg2QuXzM/ geetanjaliconstructions.com/gallery_js/j0au/ geetbuilders.com/Fox-C404/696210_98/ globaltravelsupply.lt/wp-content/965146888536432/ gorajautomation.com/Fox-C404/0Yu4rviR3soc4brPraTpbjS/ graphicsbox.xyz/wp-admin/2DwIO6Ftdj18HM5HQvY2vY8H/ greedyparrot.in/ot4m/nb5o6XYmtTp1UM/ groverelectronics.com/gg6whli/PLLULWLhssdrHryZq6kMwlrGO/ gzesa.net/wp-includes/ID3/ gzndfit.com/520/783723_87/ harshdeeppackersmovers.com/Fox-C404/757068_8033064/ hindimedia.in/wp-content/uploads/ hoianorganic.com.vn/application/219509BAIGPVI_72741909/ hostfeeling.com/wp-admin/DidtoZk2EEc7BWXyhh/ hot.valuemark.co.kr/-/3Fd5rT2IPnPGtpcb8icrmA0GuG7uC/ hotelamerpalace.com/shbq7c5/PyIZQF/ hotelimperialsabre.in/Fox-C404/icdmlKbu19korKtn7Pm1n/ huanuco.apiperu.net.pe/assets/4KJDtTV80LvZ/ huanuco.apiperu.net.pe/assets/54291128YDZOBQG_2259/ hydropneumaticsengg.in/wng0mn/KZLX_51984960/ ica.apiperu.net.pe/assets/685_954/ icsesmedya.com/wp-content/k9ExQlAn/ id-tiara.com/ulcdx/573JLRPNWOJNL_45439/ id-tiara.com/well-known/hbPI8/ imuba.metodista.org.br/b/fBY0JW2ecXebkSHJ5uOUW83BwLE41h/ is-webs.com/assets/25XvohagUPT7Bl/ ishaanbuilders.com/Fox-C404/920-1417425/ iwannago.dev.bizapps.sg/axedi/gtlf2pXOavEAOR/ jointoperations2.com/wo1y/8Lyk9cFBTXThS1MAIpqc/ journeypropertysolutions.com/cterq/KeG/ junin.apiperu.net.pe/assets/4281391_0/ jwellery.fameitc.com/wp-includes/wQK7z9cEcwWCUG/ jzclcj.com/wp-admin/P/ kanhafuncity.com/Fox-C404/iKiX9w2MLkrGpgzORQMw42NyOKkg/ kanudata.co.id/phpmyadmin/W65YRbYD6qbjnb6b6dQBn7Ob/ khustle.com/cgi-bin/jz381CkM5gYgMH/ 
kiaraskinclinic.in/Fox-C404/n384OzWdFmh7fhtKsBQtwxb/ kimjikuk.luxeone.cn/app/77P/ kleenskinstudio.com/wp-admin/0XCIyatvv2fEO60/ kleenskinstudio.com/wp-admin/gbzInh4is4/ lalibertad.apiperu.net.pe/assets/25308472603405/ lambayeque.apiperu.net.pe/assets/2823-85860/ leadrise.co/Fox-C/cHQyqqLXP/ leadrise.co/wp-includes/687669079_7470366/ lencentr.ru/css/TQDy95IkYBzGlyS/ liladevelopers.in/js/qTt4eaAvhkiJatRiVyuLfQHCJjv/ logomastery.com/quiadolorem/JcVx_2895/ loreto.apiperu.net.pe/assets/C3ppTh8jUD735Hs/ lpm.fk.ub.ac.id/Fox-C/UAjVAqGlQ2q1AMgu/ lpm.fk.ub.ac.id/Fox-C/pZMP/ luxuryamir.com/ry8e7l/hmD_67/ madrededios.apiperu.net.pe/assets/PqzacGq9So/ magento23.aftershipdemo.com/wp-content/srTR05DcUtWQlQ2oKWc/ mahaalaxmi.com/qtnvsd/M0El2dMFwwYdE35w/ mail.shahnazsiddiqa.com/wp-admin/ZGNOqgXX6l/ mangaloresoundandlights.com/stage-lighting-frontend/qmDjYcDpzeR0Z/ medfited.org/wp-admin/U4O2u0vFjZfD9g0wxu/ meicoe.com/wp-admin/jQ5K/ meigue.com/wp-admin/1215600SMVYHIPQ_8765467/ mendesauditoria.com.br/b/820375880-368251/ mex035.com/8/nkHeia_6/ miturugi.main.jp/wp-includes/v3uNd45II43Jd4qsucjS/ mmctextiles.com/8obf4yy7/wKzlby4uF6a/ moneymagnetentertainment.com/pz66t8y/Bd0sR0htA8mHibNJrk/ monorailegypt.com/wp-admin/65879-18/ moon-machinery.com/content/n6yNz/ moquegua.apiperu.net.pe/2clo/oQQQbv9gqXzQMAjIU5ZP1UsCFrFG/ multimaticsnigeria.com.ng/-/1VzCkMJDcptWi9/ multimaticsnigeria.com.ng/-/DFqzS-047805/ myartopus.com/rv5r/ul_87504855/ myflashnet.id/cgi-bin/964104765/ myshoppee.com/Fox-C404/UnJC7Wa7MtDCt/ nameyq.ltd/wp-includes/O6T4F0h7ZH76B8/ newalthyplane.com.althyplane.com/dmcbg7s/X4bbl6/ omegavisual.softuvo.xyz/wp-includes/oJcqfbt4k/ onebet.co.ug/wp-content/MIY0/ ordereasy.hk/error/jzFDH4/ orientbuffet.eu/administrator/9WZ/ otium.cv.opentecsuporte.com/cache/UE-4209701/ padhehindime.com/wp-admin/OXPuzZwlE1bd0/ padsea.cn/unmisgivingly/KTkHkPn3LgXEThsfz5NlggvdLnm/ paraslifestyles.com/Fox-C404/G2tVXgQ/ partnersingrime.webguysdemo.co.uk/lbsbwm9/59261762921656/ 
pasionportufuturo.pe/wp-content/k-2683324/ pelangi.kim.banjarbarukota.go.id/cgi-bin/CSoKTKMhM7ykoH9NaGmDN62Y5D/ peterpolz.to-create.eu/ahzh7o/ycPb764/ philiatek.com/wp-content/i6xZ9PESl4QAWL9O/ pinnaclehomesusa.net/870xg9/pNp3a1iHCKaZwYEV/ pozhadvokat.com/images/QmZXA9kRUU8xZZF/ ppdbsma.insanrabbany.sch.id/gkvvb/sXVYo8HsPSFQh/ ppdbsmp.insanrabbany.sch.id/assets/eofgaHjWVR9o/ prestashop02.aftershipdemo.com/tools/97337005-53900344/ prod1.saffyr.com/Fox-C404/X/ prod2.saffyr.com/Fox-C404/CDQLYAeSg9Jljt9KFITZmGIYy8p/ prod5.saffyr.com/Fox-C404/WVEA_5134829/ puno.apiperu.net.pe/assets/y0ls0iATNeUQnze8mB2iNN6/ qingtianxcx.top/wp-admin/0aJby7Naal/ queenofluv.com/uemsub/peLSdHCvfhkge/ rajanraz.in/cd8zman/IdyeTFbMHK/ realthadin.net/mail.realthadin.net/3eBmlximmBRL8weEHAAakk8pcommcW/ remedy.eventmasti.com/vendor/Y2XclYoCdDzSSua/ reservegarden.com/wp-content/NFmvutcfH2e/ rovews.com/wp-admin/910324_905/ royallifeagroindia.com/Fox-C/7H/ royallifeagroindia.com/ajax/X56zzJNk/ russian-coins.info/libraries/8oDzr/ salamrejo-selopampang.temanggungkab.go.id/assets/fRKKEQ1fahWTZVebhLirgZTVz/ sanmartin.apiperu.net.pe/assets/80038-36409194/ seaboardpark.com/designthemesq/Um2OvSdjAor/ sekolahfundraising.pirac.org/unsun/uCEjCXKQkpnD3NOA/ serwer2006056.home.pl/u3ov/DIwNq5j2uSoA7Mp/ shahnazsiddiqa.com/wp-admin/V_6/ shankarfoodconsultant.com/Fox-C/OQNPZNgv1/ sheenhosting.com/OneDrive/knwgPOUZbOi4/ shrikrishana.com/b/IeuULjJZ9bA9Nx5Hw7o0lvzMoD/ shriramcarehospital.in/uploads/x78ylzb2hc009kZ/ sigmalabssvg.com/b/GNP/ silentunevents.com/br7h/TLUjR11DhgrTRvAPuilN/ simproce.com/731u/PC_874195037/ site.aau.edu.et/pigeonholer/9/ softstructures.net/-/54343_4592410/ softuvo.softuvo.xyz/wp-includes/v_3296761/ soomaal.softuvo.xyz/wp-includes/lttxc-90473/ springwoodminingservices.com/wp-admin/css/ ss100feet.com/b/t681UHJz/ stchurch.tw/05p6bn/f7a15g1p/ superconstruction.in/backup/87817825_032/ te.pppleohhh.xyz/test/602921829358/ thewritingmachinecompany.com/Browallia/eQJ8wRZ9uorbfNaPkCtd/ 
thoatvidiademhoaan.com/b/339274-4519466/ tranhgohoangthiet.com/Fox-C/baNobAm4k/ tsuiterublog.com/-/l9YnV47ha/ tulsiprasad.com.np/wp-content/Kfk0thLgiKAAts9rXnuc0RUQE/ tumbes.apiperu.net.pe/assets/TXQEAUBMidPZ/ txingame.com/wp-content/783990910_42557/ v-realty.ae/wp-content/JsV9XKZJ5HyDtF6Kl20/ voyager.softuvo.xyz/css/027802_19491/ webaseen.bizdesign.org.il/0plrp/8527_13009/ webtuc.com/nkxmumv/45743094_88559759/ wonokerso-pringsurat.temanggungkab.go.id/assets/sAAo8a/ wordpress02.aftershipdemo.com/dwo2/Biiu7vVWCeH0JJHy7WWsdiZKKtWLX/ wordpress02.aftershipdemo.com/dwo2/o99j2dXfRdd/ wordpress05.aftershipdemo.com/w4gfdi/mGgE87/ wordpress08.aftershipdemo.com/yqlo/H6bEHTcVY0/ wordpress08.aftershipdemo.com/yqlo/TGwxAKnq95Mt0Cfy2TfCI/ wordpress10.aftershipdemo.com/vbvqj/J_347/ wordpress11.aftershipdemo.com/wordpress/C3zK3UjSC7s7xyrM8j8YMdS/ wordpress12.aftershipdemo.com/wordpress/0883248-60/ wordpress14.aftershipdemo.com/wordpress/7237_390/ wordpress15.aftershipdemo.com/wordpress/fGmhYvSkc8uJu/ xn--12cmbj7eucdlsj9icqc9ombzhzc.com/wp-includes/Qg8e85/ xn--72cg7aqv0asf6bd3ec3rla.com/epistemic/YTXM7fKa7dZWSvV/ yjhgov.work/images/4YhKPqWeoAo2sakyrR5BR43/ znzhou.top/wp-admin/5384_0163087/ znzhou.top /-/1VzCkMJDcptWi9/ /-/3Fd5rT2IPnPGtpcb8icrmA0GuG7uC/ /-/54343_4592410/ /-/DFqzS-047805/ /-/M_00/ /-/T3owojW5fwBduO6K/ /-/l9YnV47ha/ /-/t9QkwV/ /05p6bn/f7a15g1p/ /0av60391igppygl/1z1X71JLLaFEVLixpoa0VPHWT/ /0plrp/8527_13009/ /0rjb/AbwjpKtyXuT6hg3Qmws03SWB/ /1dgdm/942YLPAEMF-1800/ /1nshiol/iLIrpGeSGV/ /2clo/oQQQbv9gqXzQMAjIU5ZP1UsCFrFG/ /3bu04/JZ82197190/ /3kyd3/5t7USfWBs/ /520/783723_87/ /60bv5/RG9Kb1qRlQ/ /731u/PC_874195037/ /8/nkHeia_6/ /83wg6z/oUCHXJmm/ /870xg9/pNp3a1iHCKaZwYEV/ /8obf4yy7/wKzlby4uF6a/ /95p3tu4h/5590702_1274/ /Browallia/eQJ8wRZ9uorbfNaPkCtd/ /ComsatNet/ydx_7693371/ /Fox-C/7H/ /Fox-C/LxAhgyO3fMg/ /Fox-C/OQNPZNgv1/ /Fox-C/UAjVAqGlQ2q1AMgu/ /Fox-C/baNobAm4k/ /Fox-C/cHQyqqLXP/ /Fox-C/pZMP/ /Fox-C/r32O7xxv/ /Fox-C404/0Yu4rviR3soc4brPraTpbjS/ /Fox-C404/5SeLz/ 
/Fox-C404/696210_98/ /Fox-C404/757068_8033064/ /Fox-C404/7l4siIWb771k0pTG/ /Fox-C404/920-1417425/ /Fox-C404/CDQLYAeSg9Jljt9KFITZmGIYy8p/ /Fox-C404/G2tVXgQ/ /Fox-C404/UnJC7Wa7MtDCt/ /Fox-C404/WVEA_5134829/ /Fox-C404/X/ /Fox-C404/iKiX9w2MLkrGpgzORQMw42NyOKkg/ /Fox-C404/icdmlKbu19korKtn7Pm1n/ /Fox-C404/j3Ct9hkL8ab384G4iyTeVFsA/ /Fox-C404/n384OzWdFmh7fhtKsBQtwxb/ /OneDrive/knwgPOUZbOi4/ /WDISOFTWARE.COM/82298/ /admin/Z6RV47bMBr/ /administrator/9WZ/ /ahzh7o/ycPb764/ /ajax/X56zzJNk/ /anklet/WQG1/ /app/77P/ /application/219509BAIGPVI_72741909/ /application/Ai4/ /assets/25308472603405/ /assets/25XvohagUPT7Bl/ /assets/2823-85860/ /assets/4281391_0/ /assets/491521837-543255/ /assets/4KJDtTV80LvZ/ /assets/4ufnr0wnClgtuYlRqhldS/ /assets/54291128YDZOBQG_2259/ /assets/674489-72871/ /assets/685_954/ /assets/80038-36409194/ /assets/C3ppTh8jUD735Hs/ /assets/PqzacGq9So/ /assets/TXQEAUBMidPZ/ /assets/V0QSHDCqgff5BGjWjkjqF/ /assets/eofgaHjWVR9o/ /assets/fRKKEQ1fahWTZVebhLirgZTVz/ /assets/gWVDvw94/ /assets/qrwbWpSM/ /assets/sAAo8a/ /assets/y0ls0iATNeUQnze8mB2iNN6/ /axedi/gtlf2pXOavEAOR/ /b/339274-4519466/ /b/7948QcbkoEsvWXw20/ /b/820375880-368251/ /b/GNP/ /b/IeuULjJZ9bA9Nx5Hw7o0lvzMoD/ /b/SOcGvzIi31HDg/ /b/dNXOaOWeWFUSgPTAGgnfWqHbWSsLHL/ /b/fBY0JW2ecXebkSHJ5uOUW83BwLE41h/ /b/t681UHJz/ /backup/87817825_032/ /backup_1/R73800878/ /br7h/TLUjR11DhgrTRvAPuilN/ /cache/UE-4209701/ /cambridge-business.com/Qm/ /cd8zman/IdyeTFbMHK/ /cgi-bin/3eseeNZ/ /cgi-bin/964104765/ /cgi-bin/CSoKTKMhM7ykoH9NaGmDN62Y5D/ /cgi-bin/jz381CkM5gYgMH/ /cgi-bin/sXvte2203SpdPZ/ /content/5wR/ /content/n6yNz/ /css/027802_19491/ /css/TQDy95IkYBzGlyS/ /cterq/KeG/ /d5759pd/yzbV45v1nY/ /designthemesq/Um2OvSdjAor/ /dmcbg7s/X4bbl6/ /dup-installer/3vESrkJAS97l/ /dwo2/Biiu7vVWCeH0JJHy7WWsdiZKKtWLX/ /dwo2/o99j2dXfRdd/ /e.zpesport.com/VEC-5303/ /eapn/lpN6dcAppn/ /eh6bwxk/bowptl/ /epistemic/YTXM7fKa7dZWSvV/ /error/jzFDH4/ /fmzm/OOZFzi2sR/ /gallery_js/j0au/ /gg6whli/PLLULWLhssdrHryZq6kMwlrGO/ /gkvvb/sXVYo8HsPSFQh/ /hijy/WYHGC31/ 
/hs8p/900YXVA7951631/ /i4x38z/0eH5CC82TXFnK/ /i870/DyzzViAvZ1k4Djhfp0fSs6XDz/ /images/4YhKPqWeoAo2sakyrR5BR43/ /images/QmZXA9kRUU8xZZF/ /images/jTDdjmag0X6cnUOZ5VUb/ /inflatable/rg2UWzOeIfuJoYYdVeTOSQ84ki/ /itdb/vC0S9E4XvEsWOUzHKBN3f0Oa/ /js/qTt4eaAvhkiJatRiVyuLfQHCJjv/ /l35uhr/R1evmjjhga/ /layouts/J_807/ /lbsbwm9/59261762921656/ /libraries/8oDzr/ /lp/HyMifM/ /mail.realthadin.net/3eBmlximmBRL8weEHAAakk8pcommcW/ /msuvpkl/9qWc9TvYVwZ8XMRII3nEXYt0vzfj/ /nkxmumv/45743094_88559759/ /nw1t8jj/NUrSuFyX6P/ /ot4m/nb5o6XYmtTp1UM/ /p8wl/ZQIX_635174/ /packages/fJFU3vLxRUrtA/ /phpmyadmin/W65YRbYD6qbjnb6b6dQBn7Ob/ /pigeonholer/9/ /pz66t8y/Bd0sR0htA8mHibNJrk/ /qjxnz/wkpfvi9/ /qtnvsd/M0El2dMFwwYdE35w/ /quiadolorem/JcVx_2895/ /rbud/OarPTbpwW/ /rv5r/ul_87504855/ /ry8e7l/hmD_67/ /s1hf7qm/TqcrwYcOiqV8fWA/ /shbq7c5/PyIZQF/ /siteantigo/gYDoYUIWNgc8kTHDRY7dXlFjah3/ /stage-lighting-frontend/qmDjYcDpzeR0Z/ /temp/kWqpQne3uZc6n/ /test/602921829358/ /tmw8t/Szjjcj5mU1ZA/ /tools/97337005-53900344/ /u3ov/DIwNq5j2uSoA7Mp/ /uemsub/peLSdHCvfhkge/ /uignbip/YLTZ-82812903/ /ulcdx/573JLRPNWOJNL_45439/ /unmisgivingly/KTkHkPn3LgXEThsfz5NlggvdLnm/ /unsun/uCEjCXKQkpnD3NOA/ /uploads/x78ylzb2hc009kZ/ /vbvqj/J_347/ /vendor/Y2XclYoCdDzSSua/ /w4gfdi/mGgE87/ /well-known/FUk/ /well-known/hbPI8/ /wng0mn/KZLX_51984960/ /wo1y/8Lyk9cFBTXThS1MAIpqc/ /wordpress/0883248-60/ /wordpress/5T74ZZzUhvWy4s3P5IrrWc/ /wordpress/7237_390/ /wordpress/C3zK3UjSC7s7xyrM8j8YMdS/ /wordpress/fGmhYvSkc8uJu/ /wp-admin/0XCIyatvv2fEO60/ /wp-admin/0aJby7Naal/ /wp-admin/1215600SMVYHIPQ_8765467/ /wp-admin/2DwIO6Ftdj18HM5HQvY2vY8H/ /wp-admin/5384_0163087/ /wp-admin/65879-18/ /wp-admin/910324_905/ /wp-admin/DidtoZk2EEc7BWXyhh/ /wp-admin/ELWa8YcOqlJn/ /wp-admin/MWFnOC3Ajrg2QuXzM/ /wp-admin/OXPuzZwlE1bd0/ /wp-admin/P/ /wp-admin/SLo9dXmfhIXYnKktAQeK/ /wp-admin/ThBwKpUbIffmrepRg/ /wp-admin/U4O2u0vFjZfD9g0wxu/ /wp-admin/V_6/ /wp-admin/ZGNOqgXX6l/ /wp-admin/gbzInh4is4/ /wp-admin/jQ5K/ /wp-admin/k-8744534/ /wp-admin/qj0lJaZOOsjYA2l/ /wp-admin/user/ 
# NOTE(review): the bare trail /wp-admin/user/ just above names a directory present in stock WordPress
# and, unlike its neighbours, has no random final segment. It looks like a truncated form of
# /wp-admin/user/02_651977/, which this file lists under an earlier reference. Read a hit on the short
# form as low-confidence unless a host-qualified or IP:port trail also matches.
# TODO confirm against the referenced source list.
/wp-admin/z464/ /wp-content/2dmXYgLVdkV/ /wp-content/783990910_42557/ /wp-content/965146888536432/ /wp-content/Ef/ /wp-content/HXN_79786/ /wp-content/JsV9XKZJ5HyDtF6Kl20/ /wp-content/Kfk0thLgiKAAts9rXnuc0RUQE/ /wp-content/MIY0/ /wp-content/NFmvutcfH2e/ /wp-content/R1U2sJfwWdrdUjB/ /wp-content/U8fhXoOvlBA/ /wp-content/Y_4901983/ /wp-content/YhNgI/ /wp-content/aTIYB3QYHZt/ /wp-content/cwozYw9/ /wp-content/hwPhjzWAObGEmQeJcdTXei/ /wp-content/i6xZ9PESl4QAWL9O/ /wp-content/k-2683324/ /wp-content/k9ExQlAn/ /wp-content/srTR05DcUtWQlQ2oKWc/ /wp-includes/362-0857084/ /wp-includes/687669079_7470366/ /wp-includes/BkJEMQZWgRGc2DCFcsCRt/ /wp-includes/BtgIhhz766h/ /wp-includes/ID3/ /wp-includes/JNeOtB9da67l1NjAeEh5/ /wp-includes/O6T4F0h7ZH76B8/ /wp-includes/Qg8e85/ /wp-includes/aoItn4LAZOeLFrFLe3oTe6D/ /wp-includes/dal5pzmAyo6zx2lRk1sdTGZOnJwED/ /wp-includes/lttxc-90473/ /wp-includes/oJcqfbt4k/ /wp-includes/ooxopS2V9FUS/ /wp-includes/v3uNd45II43Jd4qsucjS/ /wp-includes/v_3296761/ /wp-includes/wQK7z9cEcwWCUG/ /wrydht5j/XpCeIk5IBAjrssqMVR/ /yqlo/H6bEHTcVY0/ /yqlo/TGwxAKnq95Mt0Cfy2TfCI/ /zegsgpzq/CT75/ /027802_19491/ /0883248-60/ /0XCIyatvv2fEO60/ /0Yu4rviR3soc4brPraTpbjS/ /0aJby7Naal/ /0eH5CC82TXFnK/ /1215600SMVYHIPQ_8765467/ /1VzCkMJDcptWi9/ /1z1X71JLLaFEVLixpoa0VPHWT/ /219509BAIGPVI_72741909/ /25308472603405/ /25XvohagUPT7Bl/ /2823-85860/ /2DwIO6Ftdj18HM5HQvY2vY8H/ /2dmXYgLVdkV/ /339274-4519466/ /362-0857084/ /3Fd5rT2IPnPGtpcb8icrmA0GuG7uC/ /3eBmlximmBRL8weEHAAakk8pcommcW/ /3eseeNZ/ /3vESrkJAS97l/ /4281391_0/ /45743094_88559759/ /491521837-543255/ /4KJDtTV80LvZ/ /4YhKPqWeoAo2sakyrR5BR43/ /4ufnr0wnClgtuYlRqhldS/ /5384_0163087/ /54291128YDZOBQG_2259/ /54343_4592410/ /5590702_1274/ /573JLRPNWOJNL_45439/ /59261762921656/ /5SeLz/ /5T74ZZzUhvWy4s3P5IrrWc/ /5t7USfWBs/ /602921829358/ /65879-18/ /674489-72871/ /685_954/ /687669079_7470366/ /696210_98/ /7237_390/ /757068_8033064/ /783723_87/ /783990910_42557/ /7948QcbkoEsvWXw20/ /7l4siIWb771k0pTG/ /80038-36409194/ /820375880-368251/ 
/8527_13009/ /87817825_032/ /8Lyk9cFBTXThS1MAIpqc/ /8oDzr/ /900YXVA7951631/ /910324_905/ /920-1417425/ /942YLPAEMF-1800/ /964104765/ /965146888536432/ /97337005-53900344/ /9qWc9TvYVwZ8XMRII3nEXYt0vzfj/ /AbwjpKtyXuT6hg3Qmws03SWB/ /Bd0sR0htA8mHibNJrk/ /Biiu7vVWCeH0JJHy7WWsdiZKKtWLX/ /BkJEMQZWgRGc2DCFcsCRt/ /BtgIhhz766h/ /C3ppTh8jUD735Hs/ /C3zK3UjSC7s7xyrM8j8YMdS/ /CDQLYAeSg9Jljt9KFITZmGIYy8p/ /CSoKTKMhM7ykoH9NaGmDN62Y5D/ /DFqzS-047805/ /DIwNq5j2uSoA7Mp/ /DidtoZk2EEc7BWXyhh/ /DyzzViAvZ1k4Djhfp0fSs6XDz/ /ELWa8YcOqlJn/ /G2tVXgQ/ /H6bEHTcVY0/ /HXN_79786/ /HyMifM/ /IdyeTFbMHK/ /IeuULjJZ9bA9Nx5Hw7o0lvzMoD/ /JNeOtB9da67l1NjAeEh5/ /JZ82197190/ /JcVx_2895/ /JsV9XKZJ5HyDtF6Kl20/ /KTkHkPn3LgXEThsfz5NlggvdLnm/ /KZLX_51984960/ /Kfk0thLgiKAAts9rXnuc0RUQE/ /LxAhgyO3fMg/ /M0El2dMFwwYdE35w/ /MWFnOC3Ajrg2QuXzM/ /NFmvutcfH2e/ /NUrSuFyX6P/ /O6T4F0h7ZH76B8/ /OOZFzi2sR/ /OQNPZNgv1/ /OXPuzZwlE1bd0/ /OarPTbpwW/ /PC_874195037/ /PLLULWLhssdrHryZq6kMwlrGO/ /PqzacGq9So/ /PyIZQF/ /Qg8e85/ /QmZXA9kRUU8xZZF/ /R1U2sJfwWdrdUjB/ /R1evmjjhga/ /R73800878/ /RG9Kb1qRlQ/ /SLo9dXmfhIXYnKktAQeK/ /SOcGvzIi31HDg/ /Szjjcj5mU1ZA/ /T3owojW5fwBduO6K/ /TGwxAKnq95Mt0Cfy2TfCI/ /TLUjR11DhgrTRvAPuilN/ /TQDy95IkYBzGlyS/ /TXQEAUBMidPZ/ /ThBwKpUbIffmrepRg/ /TqcrwYcOiqV8fWA/ /U4O2u0vFjZfD9g0wxu/ /U8fhXoOvlBA/ /UAjVAqGlQ2q1AMgu/ /UE-4209701/ /Um2OvSdjAor/ /UnJC7Wa7MtDCt/ /V0QSHDCqgff5BGjWjkjqF/ /VEC-5303/ /W65YRbYD6qbjnb6b6dQBn7Ob/ /WVEA_5134829/ /WYHGC31/ /X4bbl6/ /X56zzJNk/ /XpCeIk5IBAjrssqMVR/ /Y2XclYoCdDzSSua/ /YLTZ-82812903/ /YTXM7fKa7dZWSvV/ /Y_4901983/ /YhNgI/ /Z6RV47bMBr/ /ZGNOqgXX6l/ /ZQIX_635174/ /aTIYB3QYHZt/ /aoItn4LAZOeLFrFLe3oTe6D/ /baNobAm4k/ /bowptl/ /cHQyqqLXP/ /cwozYw9/ /dNXOaOWeWFUSgPTAGgnfWqHbWSsLHL/ /dal5pzmAyo6zx2lRk1sdTGZOnJwED/ /eQJ8wRZ9uorbfNaPkCtd/ /eofgaHjWVR9o/ /f7a15g1p/ /fBY0JW2ecXebkSHJ5uOUW83BwLE41h/ /fGmhYvSkc8uJu/ /fJFU3vLxRUrtA/ /fRKKEQ1fahWTZVebhLirgZTVz/ /gWVDvw94/ /gYDoYUIWNgc8kTHDRY7dXlFjah3/ /gbzInh4is4/ /gtlf2pXOavEAOR/ /hbPI8/ /hmD_67/ /hwPhjzWAObGEmQeJcdTXei/ /i6xZ9PESl4QAWL9O/ 
/iKiX9w2MLkrGpgzORQMw42NyOKkg/ /iLIrpGeSGV/ /icdmlKbu19korKtn7Pm1n/ /j3Ct9hkL8ab384G4iyTeVFsA/ /jTDdjmag0X6cnUOZ5VUb/ /jz381CkM5gYgMH/ /jzFDH4/ /k-2683324/ /k-8744534/ /k9ExQlAn/ /kWqpQne3uZc6n/ /knwgPOUZbOi4/ /l9YnV47ha/ /lpN6dcAppn/ /lttxc-90473/ /mGgE87/ /n384OzWdFmh7fhtKsBQtwxb/ /n6yNz/ /nb5o6XYmtTp1UM/ /nkHeia_6/ /o99j2dXfRdd/ /oJcqfbt4k/ /oQQQbv9gqXzQMAjIU5ZP1UsCFrFG/ /oUCHXJmm/ /ooxopS2V9FUS/ /pNp3a1iHCKaZwYEV/ /peLSdHCvfhkge/ /qTt4eaAvhkiJatRiVyuLfQHCJjv/ /qj0lJaZOOsjYA2l/ /qmDjYcDpzeR0Z/ /qrwbWpSM/ /r32O7xxv/ /rg2UWzOeIfuJoYYdVeTOSQ84ki/ /sAAo8a/ /sXVYo8HsPSFQh/ /sXvte2203SpdPZ/ /srTR05DcUtWQlQ2oKWc/ /t681UHJz/ /t9QkwV/ /uCEjCXKQkpnD3NOA/ /ul_87504855/ /v3uNd45II43Jd4qsucjS/ /vC0S9E4XvEsWOUzHKBN3f0Oa/ /v_3296761/ /wKzlby4uF6a/ /wQK7z9cEcwWCUG/ /wkpfvi9/ /x78ylzb2hc009kZ/ /y0ls0iATNeUQnze8mB2iNN6/ /ycPb764/ /ydx_7693371/ /yzbV45v1nY/ # Reference: https://app.any.run/tasks/7f1c823b-35d9-451e-908e-a41d1712b018/ 159.69.43.124:8080 sesco-ks.com/wp-content/0Uuf/ /wp-content/0Uuf/ # Reference: https://tria.ge/220126-z84zzsbac6 118.98.72.86:443 194.9.172.107:8080 45.13.132.26:8080 45.79.80.198:443 # Reference: https://pastebin.com/wWRdjKkW accessunited-bank.com/admin/hzIgVwq8btak/ actividades.laforetlanguages.com/wp-admin/IU833uv/ allaagency.ro/wp-admin/7/ anse-audition.com/dup-installer/1taimP6/ artanddesign.one/wp-content/uploads/A2cZL7/ autodiscover.karlamejia.com/wp-admin/hcdnVlRIiwvTVrJjJEE/ autostrach.com/wp-includes/LQaU36okE8/ b-lubisi-motivational-speaker.com/wp-admin/rviEsA/ barriemckay.com/wp-admin/yuF2aHG/ chochungcuhanoi.com/wp-content/cyE2u0cnolP/ connecticutsfinestmovers.com/Fox-C/mVwOqxT17gVWaE8E/ crmweb.info:443/bitrix/rc9XjtwF/ dev.learncaraudio.com/wp-admin/kVDBxJnZzE9UPEz/ dragontranscriptions.com/wp-admin/kvzgg3SXC1/ dulichkhampha24.net/wp-content/znJjEhVUupBTTtt8/ e-drive.hr/wp-snapshots/fY/ eleccom.shop:443/services/AEjSDj/ elenaghisellini.com/videos/PIz1/ falah.org.pk/vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/ 
getcode.info/wp-content/QDx8b5j/ hotelamerpalace.com/Fox-C404/LEPqPJpt4Gbr8BHAn/ huyndai-namdinh.com/wp-content/QQiYwNcaegg/ icfacn.com/runtime/n7qA2YStudp/ izocab.com/nashi-klienty/B5SC/ koperasipengayoman.co.id/download/mI1WG4YscwjwpTi5/ krezol-group.com:443/images/PmLGLKYeCBs5d/ ledcaopingdeng.com/wp-includes/Qq39yj7fpvk/ masboni.com/wp-admin/3zUQl/ midweststructure.com/wp-includes/pg8AaWRbnH3MffrNRMv/ montenegroinvesting.com/wp-admin/d5KRp8e1bUR20vICZ3p/ nomanatif.net/wp-includes/u1kbP/ osiris-cheats.net/wp-admin/pCwOGd7/ palankhir.hu/tools/GJRNhZHz/ pigij.com/wp-admin/MVW5/ pmfstukm.com/wp-admin/02Bmdv/ saarchitectsbd.com/wp-admin/tWzH87/ seotop1google.net/css/0TcmSq/ sesco-ks.com/wp-content/0Uuf/ sexescortsdubai.com/maintenance/jx4Ba/ sneakadream.com/wp-content/pccmAOq/ spraysafenorth.co.za/u0dvih/6/ starspeedng.com/One-File/U3Trml/ strawberry.kids-singer.net/assets_c/WAdvNT84Dmu/ tanquessepticos.com/wp-admin/ApVVbl1fQ0/ tattooblog.cn/wp-includes/KJLv/ umanostudio.com/wp-admin/n1LG7aJnptBlQkC/ unifiedpharma.com/wp-content/5arxM/ vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/ weddingbandsirelandjbk.com/hgsynt2/o/ wlmconcept.com/cgi-bin/9tl5Twe4suaxBKaKB/ yeald.finance/wp-admin/1WgPRm/ /Fox-C/mVwOqxT17gVWaE8E/ /Fox-C404/LEPqPJpt4Gbr8BHAn/ /One-File/U3Trml/ /admin/hzIgVwq8btak/ /assets_c/WAdvNT84Dmu/ /bitrix/rc9XjtwF/ /cgi-bin/9tl5Twe4suaxBKaKB/ /css/0TcmSq/ /download/mI1WG4YscwjwpTi5/ /dup-installer/1taimP6/ /hgsynt2/o/ /images/PmLGLKYeCBs5d/ /maintenance/jx4Ba/ /nashi-klienty/B5SC/ /runtime/n7qA2YStudp/ /services/AEjSDj/ /tools/GJRNhZHz/ /u0dvih/6/ /vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/ /wp-admin/02Bmdv/ /wp-admin/1WgPRm/ /wp-admin/3zUQl/ /wp-admin/ApVVbl1fQ0/ /wp-admin/IU833uv/ /wp-admin/MVW5/ /wp-admin/d5KRp8e1bUR20vICZ3p/ /wp-admin/hcdnVlRIiwvTVrJjJEE/ /wp-admin/kVDBxJnZzE9UPEz/ /wp-admin/kvzgg3SXC1/ /wp-admin/n1LG7aJnptBlQkC/ /wp-admin/pCwOGd7/ /wp-admin/rviEsA/ /wp-admin/tWzH87/ /wp-admin/yuF2aHG/ /wp-content/0Uuf/ /wp-content/5arxM/ /wp-content/QDx8b5j/ 
/wp-content/QQiYwNcaegg/ /wp-content/cyE2u0cnolP/ /wp-content/pccmAOq/ /wp-content/znJjEhVUupBTTtt8/ /wp-includes/KJLv/ /wp-includes/LQaU36okE8/ /wp-includes/Qq39yj7fpvk/ /wp-includes/pg8AaWRbnH3MffrNRMv/ /wp-includes/u1kbP/ /wp-snapshots/fY/ /wp-content/uploads/A2cZL7/ vegasvulkan1000.falah.org.pk # Reference: https://twitter.com/JAMESWT_MHT/status/1486637826997460992 jeffreylubin.igclout.com/wp-admin/vzOG/ kuyporn.com/wp-content/XSs5/ /wp-admin/vzOG/ /wp-content/XSs5/ # Reference: https://twitter.com/pr0xylife/status/1486727054582190080 store.anicyber.com/wp-content/upgrade/UJIYTq/ /wp-content/upgrade/UJIYTq/ /upgrade/UJIYTq/ # Reference: https://twitter.com/Max_Mal_/status/1486806808735924233 128.199.93.156:8080 # Reference: https://twitter.com/bomccss/status/1486976898903470080 http://91.240.118.172 # Reference: https://twitter.com/MarceloRivero/status/1465860745862778882 104.245.52.73:8080 # Reference: https://twitter.com/pr0xylife/status/1487003796983193600 hostfeeling.com/wp-admin/4XsjtOT7cFHvBV3HZ/ hostfeeling.com /wp-admin/4XsjtOT7cFHvBV3HZ/ /4XsjtOT7cFHvBV3HZ/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_30.01.2022.txt 103.41.204.169:8080 139.196.72.155:8080 198.199.98.78:8080 74.207.230.120:8080 3-fasen.com/wp-content/3Bl0hBbW/ devbhoomigaushala.org/Getae/Vyo5rrNLAgd0QxXvkv/ ecobaby.pi-dh.com/Serendib/gl1hcef9Y3GSTCDC/ engaz.shop/wp-content/MOllqUm2nb/ imaginariumstore.fun/ncsb/cyGoTYqMmcRwvqdre/ lastregaristorante.com/wp-admin/ffdC7ElM2Bn2/ manchesterheatingservices.youprocontact.com/wp-admin/AiK19uMf/ mypurealsystem.com/App_Start/Rhh8lKO/ oculusvisioncare.com/wp-includes/ZEYDjosbNExFTdu/ onexone.elementor.cloud/cdrxhrt/uVE0uVHOz5E/ tamiladsense.com/wp-includes/BEADvqGgemV8SnTX/ tunbridgeservices.com/jfoeqhxz/zOX0/ vn.minino.com/wp-admin/c3WQa/ /App_Start/Rhh8lKO/ /Getae/Vyo5rrNLAgd0QxXvkv/ /Serendib/gl1hcef9Y3GSTCDC/ /cdrxhrt/uVE0uVHOz5E/ /jfoeqhxz/zOX0/ /ncsb/cyGoTYqMmcRwvqdre/ /wp-admin/AiK19uMf/ /wp-admin/c3WQa/ 
/wp-admin/ffdC7ElM2Bn2/ /wp-content/3Bl0hBbW/ /wp-content/MOllqUm2nb/ /wp-includes/BEADvqGgemV8SnTX/ /wp-includes/ZEYDjosbNExFTdu/ /3Bl0hBbW/ /AiK19uMf/ /BEADvqGgemV8SnTX/ /MOllqUm2nb/ /Rhh8lKO/ /Vyo5rrNLAgd0QxXvkv/ /ZEYDjosbNExFTdu/ /cyGoTYqMmcRwvqdre/ /ffdC7ElM2Bn2/ /gl1hcef9Y3GSTCDC/ /uVE0uVHOz5E/ # Reference: https://twitter.com/Cryptolaemus1/status/1488208403054968833 http://139.99.89.211/wp-admin/VM1HRb3b0MGGdp/ dev.learncaraudio.com/wp-admin/ZIwWVcNiED4JYqnq/ jeffreylubin.igclout.com/wp-admin/gJ5oDbi/ karensgardentips.com/cgi-bin/w9i3PIVDOJDeF095ST/ lastregaristorante.com/wp-admin/vkXFRVu/ sellin.app/wp-admin/0W4AcWvFkHkV/ tastedonline.com/cgi-bin/14Lg3P2Dt3rqBmaYZO/ /cgi-bin/14Lg3P2Dt3rqBmaYZO/ /cgi-bin/w9i3PIVDOJDeF095ST/ /wp-admin/0W4AcWvFkHkV/ /wp-admin/gJ5oDbi/ /wp-admin/vkXFRVu/ /wp-admin/VM1HRb3b0MGGdp/ /wp-admin/ZIwWVcNiED4JYqnq/ /0W4AcWvFkHkV/ /14Lg3P2Dt3rqBmaYZO/ /gJ5oDbi/ /vkXFRVu/ /VM1HRb3b0MGGdp/ /w9i3PIVDOJDeF095ST/ /ZIwWVcNiED4JYqnq/ # Reference: https://www.virustotal.com/gui/file/0148a97cedfa657b8c58cc8835270173343362a418d702c88507e20dc8210ecb/detection 144.76.186.49:8080 # Reference: https://www.virustotal.com/gui/file/228c467d19d608b5fa59f07189a82557a59af6ebbc2c001892c1e8e500644c6a/detection 128.199.157.63:80 185.46.123.38:80 23.205.118.16:80 47.110.149.223:8080 fr7.anbo5288.cc/-/Q7qLFrKJSlabny0snc/ peterpolz.to-create.eu/cgi-bin/toRO9wV0IQu6/ /-/Q7qLFrKJSlabny0snc/ /cgi-bin/toRO9wV0IQu6/ /Q7qLFrKJSlabny0snc/ /toRO9wV0IQu6/ # Reference: https://twitter.com/tosscoinwitcher/status/1487235154993041414 michaelcrompton.co.uk/wp-admin/G/ weezual.fr/ju9c/twEHJDCvNwGimD/ /ju9c/twEHJDCvNwGimD/ /twEHJDCvNwGimD/ # Reference: https://www.virustotal.com/gui/file/58952b261bb93ebb8ea1d8551ae1e0ad9de39763274ca02ff05b7254bbf60bd9/detection koshishmarketing.com/mo8igygw3uv/t4z68181/ ruanyun123.com/au10/769758/ /mo8igygw3uv/t4z68181/ /mo8igygw3uv/ /t4z68181/ # Reference: https://twitter.com/sugimu_sec/status/1488819822779838465 # Reference: 
https://twitter.com/sugimu_sec/status/1488819822779838465 103.75.201.4:443 129.232.188.93:443 138.185.72.26:8080 159.8.59.82:8080 159.89.230.105:443 160.16.102.168:80 164.68.99.3:8080 185.157.82.211:8080 200.17.134.35:7080 212.24.98.99:8080 bossblogg.com bossblogg.com/wp-includes/s0f0zg6/ /wp-includes/s0f0zg6/ # Reference: https://twitter.com/abel1ma/status/1488988762591805440 # Reference: https://tria.ge/220202-zxc25abedq actividades.laforetlanguages.com/wp-admin/BlkdOKDXL/ anugerahmasinternasional.co.id/wp-admin/SJbxE5I/ anwaralbasateen.com/Fox-C404/mDHkfgebMRzmGKBy/ arzulens.com/wp-includes/7gySgTg/ atmedic.cl/sistemas/3ZbsUAU/ biz.merlin.ua/wp-admin/W6agtFSRZGt371dV/ bruckevn.site/3yztzzvh/nmY4wZfbYL/ datasits.com/wp-includes/Zkj4QO/ daujimaharajmandir.org/wp-includes/63De/ pardiskood.com/wp-content/NR/ parkinsons.co.in/abc/Y6Y0fTbUEg6/ sbcopylive.com.br/rjuz/w/ trasix.com/wp-admin/y5Aa1jt0Sp2Qk/ /3yztzzvh/nmY4wZfbYL/ /Fox-C404/mDHkfgebMRzmGKBy/ /abc/Y6Y0fTbUEg6/ /sistemas/3ZbsUAU/ /wp-admin/BlkdOKDXL/ /wp-admin/SJbxE5I/ /wp-admin/W6agtFSRZGt371dV/ /wp-admin/y5Aa1jt0Sp2Qk/ /wp-content/NR/ /wp-includes/63De/ /wp-includes/7gySgTg/ /wp-includes/Zkj4QO/ /3yztzzvh/ /3ZbsUAU/ /7gySgTg/ /BlkdOKDXL/ /nmY4wZfbYL/ /SJbxE5I/ /W6agtFSRZGt371dV/ /Y6Y0fTbUEg6/ /mDHkfgebMRzmGKBy/ /y5Aa1jt0Sp2Qk/ # Reference: https://twitter.com/papa_anniekey/status/1489201689609445376 a-bc.cn/img/nhBjlyOAmot/ /img/nhBjlyOAmot/ /nhBjlyOAmot/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_03.02.2022.txt http://3.130.37.158 172.105.115.71:443 185.184.25.78:8080 54.37.106.167:8080 advancedguerrillamarketing.com/assets/oUD/ aishyana.com/wp-admin/6pY001tdOxYb10/ astronomy24x7.com/wp-content/05ZGtxtrfIxNVb0M/ chupahfashion.com/eh6bwxk/bowptl/xdAiCtVd/ crm.avionxpress.com/media/H4fjpmz/ dirtduel.com/db/v4gdL66Y/ gainc.info/product3_files/PwAGXtbf6tn5r/ https://albbd.online/wp-content/wUw03JZqT3/ https://detroitsignsandwraps.com/wp-admin/bPmzjYidYDLUT/ 
https://giskunihar.com/wp-content/4meLxvZP/ https://stavki-na-sporte.ru/wp-content/qZ9UqoY2IzXUAqW3/ https://tranhgohoangthiet.com/Fox-C/E9ZETOCG4gWfNONRKWG/ id-tiara.com/well-known/AW7ddGt/ karaah.com/kvxtqec/L8mqXiKjN95uoFOQqDS/ liaisonltd.com/-/wJqOY64M/ mail.gymcoachjose.com/ew9iwl/av20pfJZ44/ mail.terinhumphrey.com/tasty-crab-promo/qBdohcsqomjFk/ mail.themintlist.com/wp-includes/S5xbjWOoM75ysw9xaM/ nccikeja.com/back/lOo46UEiVanm/ orelco.net/wp-admin/5NiO/ sahayoghospitals.com/older/NFPLtNt4M3D1yYt/ stntools.com/js/uhTyC/ /-/wJqOY64M/ /Fox-C/E9ZETOCG4gWfNONRKWG/ /assets/oUD/ /back/lOo46UEiVanm/ /db/v4gdL66Y/ /eh6bwxk/bowptl/ /ew9iwl/av20pfJZ44/ /kvxtqec/L8mqXiKjN95uoFOQqDS/ /media/H4fjpmz/ /older/NFPLtNt4M3D1yYt/ /product3_files/PwAGXtbf6tn5r/ /tasty-crab-promo/qBdohcsqomjFk/ /well-known/AW7ddGt/ /wp-admin/5NiO/ /wp-admin/6pY001tdOxYb10/ /wp-admin/bPmzjYidYDLUT/ /wp-content/05ZGtxtrfIxNVb0M/ /wp-content/4meLxvZP/ /wp-content/qZ9UqoY2IzXUAqW3/ /wp-content/wUw03JZqT3/ /wp-includes/S5xbjWOoM75ysw9xaM/ /05ZGtxtrfIxNVb0M/ /0WGa0yF6b6F3VK5tb/ /0qJRIjxxhZ/ /4meLxvZP/ /6pY001tdOxYb10/ /AW7ddGt/ /E9ZETOCG4gWfNONRKWG/ /EIzEADnvS/ /H4fjpmz/ /L8mqXiKjN95uoFOQqDS/ /NFPLtNt4M3D1yYt/ /PwAGXtbf6tn5r/ /S5xbjWOoM75ysw9xaM/ /UrI6GM87K5u2y2pOW/ /YDjVQgZv/ /a0mJP2Adw5YTHt/ /av20pfJZ44/ /b5xkQkgEFiBmW/ /bPmzjYidYDLUT/ /bowptl/ /kUO7NnkpMp2cs/ /lOo46UEiVanm/ /qBdohcsqomjFk/ /qZ9UqoY2IzXUAqW3/ /uCccWJ/ /v4gdL66Y/ /wJqOY64M/ /wUw03JZqT3/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_03.02.2022.txt 123breathe.org/error/Drs/ advancedguerrillamarketing.com/assets/oUD/ aishyana.com/wp-admin/6pY001tdOxYb10/ albbd.online/wp-content/wUw03JZqT3/ astronomy24x7.com/wp-content/05ZGtxtrfIxNVb0M/ centrobilinguelospinos.com/wp-admin/EIzEADnvS/ chupahfashion.com/eh6bwxk/bowptl/xdAiCtVd/ crm.avionxpress.com/media/H4fjpmz/ detroitsignsandwraps.com/wp-admin/bPmzjYidYDLUT/ dirtduel.com/db/v4gdL66Y/ docs-construction.com/wp-admin/a0mJP2Adw5YTHt/ 
gainc.info/product3_files/PwAGXtbf6tn5r/ giskunihar.com/wp-content/4meLxvZP/ greenesqualityflooring.com/error/kUO7NnkpMp2cs/ id-tiara.com/well-known/AW7ddGt/ jeffreylubin.igclout.com/wp-admin/0WGa0yF6b6F3VK5tb/ karaah.com/kvxtqec/L8mqXiKjN95uoFOQqDS/ laohange.com/wp-content/0qJRIjxxhZ/ liaisonltd.com/-/wJqOY64M/ lupus.ktcatl.com/wp-content/uCccWJ/ mail.gymcoachjose.com/ew9iwl/av20pfJZ44/ mail.terinhumphrey.com/tasty-crab-promo/qBdohcsqomjFk/ mail.themintlist.com/wp-includes/S5xbjWOoM75ysw9xaM/ nccikeja.com/back/lOo46UEiVanm/ new.hssus.org/wp-includes/blocks/eKID0QAfLUS/ orelco.net/wp-admin/5NiO/ packersandmoversbangalorecharges.com/cgi-bin/UrI6GM87K5u2y2pOW/ sahayoghospitals.com/older/NFPLtNt4M3D1yYt/ stancewheels.com/wp-admin/b5xkQkgEFiBmW/ stavki-na-sporte.ru/wp-content/qZ9UqoY2IzXUAqW3/ tranhgohoangthiet.com/Fox-C/E9ZETOCG4gWfNONRKWG/ /-/wJqOY64M/ /Fox-C/E9ZETOCG4gWfNONRKWG/ /back/lOo46UEiVanm/ /cgi-bin/UrI6GM87K5u2y2pOW/ /db/v4gdL66Y/ /eh6bwxk/bowptl/ /error/kUO7NnkpMp2cs/ /ew9iwl/av20pfJZ44/ /kvxtqec/L8mqXiKjN95uoFOQqDS/ /media/H4fjpmz/ /older/NFPLtNt4M3D1yYt/ /product3_files/PwAGXtbf6tn5r/ /tasty-crab-promo/qBdohcsqomjFk/ /well-known/AW7ddGt/ /wp-admin/0WGa0yF6b6F3VK5tb/ /wp-admin/5NiO/ /wp-admin/6pY001tdOxYb10/ /wp-admin/EIzEADnvS/ /wp-admin/YDjVQgZv/ /wp-admin/a0mJP2Adw5YTHt/ /wp-admin/b5xkQkgEFiBmW/ /wp-admin/bPmzjYidYDLUT/ /wp-content/05ZGtxtrfIxNVb0M/ /wp-content/0qJRIjxxhZ/ /wp-content/4meLxvZP/ /wp-content/qZ9UqoY2IzXUAqW3/ /wp-content/uCccWJ/ /wp-content/wUw03JZqT3/ /wp-includes/S5xbjWOoM75ysw9xaM/ # Reference: https://twitter.com/pr0xylife/status/1489577555376156674 landorestates.com/wordpress/NELf96wr/ /wordpress/NELf96wr/ /NELf96wr/ # Reference: https://twitter.com/pr0xylife/status/1489675405476995074 adobe.flash.player.xghostma26.com csinoticias.com/wp-includes/RnHjIzg/ /wp-includes/RnHjIzg /RnHjIzg/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_05.02.2022.txt 119.235.255.201:8080 144.76.186.55:7080 178.128.83.165:80 
192.95.56.148:8080 45.79.173.200:443 51.254.140.238:7080 82.165.152.127:8080 asaanweb.com/PHPMailer-master/1MYGpHszzRfHAN4/ bachilleratoporciclos.org/wp-content/zR/ candisee.bminteractivegroup.com/1g94ngo/2n7lJoPuPDEanPcX/ formula8020.com/css/JCuR6OE404DgR/ glowrentals.com/wp-admin/f1zeAKGTnS6I/ gosporthistoryclub.org.uk/wp-content/vOixo/ homedekornaturalcraft.com/ymu/fGsFT7j/ lucasandbarbiehodges.net/wp-content/nbKbVJ8E55V2I/ monet.kiev.ua/css/KvkD194/ pgegroups.com/ism.pgegroups.com/HTv8/ readyplans.in/wp-content/UtiS4IPBYSIiaPzCCe/ royalsnackmyanmar.com/wp-includes/Z4E3Vtp8k4Z/ ssf2.edelta.in/Themes/7hGzIAH5BYf9fFLK/ stimulusbrand.com/5qAhX5nC-content/1/ store.uxdsummit.com/wp-admin/VfgBSQa7Z/ subs.video/netreginstall/7LKhp4JjAyQ0mc/ theclubgym.in/wp-includes/jnTMKV3pHa9a/ /1g94ngo/2n7lJoPuPDEanPcX/ /5qAhX5nC-content/1/ /PHPMailer-master/1MYGpHszzRfHAN4/ /Themes/7hGzIAH5BYf9fFLK/ /css/JCuR6OE404DgR/ /css/KvkD194/ /ism.pgegroups.com/HTv8/ /netreginstall/7LKhp4JjAyQ0mc/ /wp-admin/VfgBSQa7Z/ /wp-admin/f1zeAKGTnS6I/ /wp-content/UtiS4IPBYSIiaPzCCe/ /wp-content/nbKbVJ8E55V2I/ /wp-content/vOixo/ /wp-content/zR/ /wp-includes/Z4E3Vtp8k4Z/ /wp-includes/jnTMKV3pHa9a/ /ymu/fGsFT7j/ /1MYGpHszzRfHAN4/ /1g94ngo/ /2n7lJoPuPDEanPcX/ /5qAhX5nC-content/ /7LKhp4JjAyQ0mc/ /7hGzIAH5BYf9fFLK/ /fGsFT7j/ /JCuR6OE404DgR/ /KvkD194/ /UtiS4IPBYSIiaPzCCe/ /VfgBSQa7Z/ /Z4E3Vtp8k4Z/ /f1zeAKGTnS6I/ /jnTMKV3pHa9a/ /nbKbVJ8E55V2I/ /vOixo/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_07.02.2022.txt 174.136.15.27:8080 185.122.58.89:443 93.104.208.37:8080 7jcat.com/wp-content/cQO3vdPQavJrf2UrCW/ desayunosdesde.casa/wp-content/lyNShWgYN7F/ pickuphiblog.tatamotors.com/wp-includes/LoBv7LwWesAhk7Xu0A/ subs.video/netreginstall/6TMx9WQkWQG3mnRyrD/ phutungbom.com/cgi-bin/CawQlbH731aUMSP/ /cgi-bin/CawQlbH731aUMSP/ /netreginstall/6TMx9WQkWQG3mnRyrD/ /wp-content/cQO3vdPQavJrf2UrCW/ /wp-includes/LoBv7LwWesAhk7Xu0A/ /wp-content/lyNShWgYN7F/ /6TMx9WQkWQG3mnRyrD/ /CawQlbH731aUMSP/ 
/cQO3vdPQavJrf2UrCW/ /LoBv7LwWesAhk7Xu0A/ /lyNShWgYN7F/ # Reference: https://twitter.com/Max_Mal_/status/1490754610251849737 pickuptnblog.tatamotors.com/iyc6qmm/11lz0UGDvT/ shejiguanjia.com/wp-includes/PjsuDhy5/ /iyc6qmm/11lz0UGDvT/ /wp-includes/PjsuDhy5/ /11lz0UGDvT/ /iyc6qmm/ /PjsuDhy5/ # Reference: https://twitter.com/Max_Mal_/status/1490754611824762893 180.250.21.2:443 # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_08.02.2022.txt 103.42.57.17:8080 casualenglishchat.com/cgi/6g0pcvCOYPZYn/ francisdifronzo.com/eln-images/T6yB/ goncalves.com/counter/3OkjcVmCPdokTG/ grimmcm.com/cgi/6hoBPCb3E/ intelfirm.com/eln-images/xaTiPeapzK/ k7tgu.com/Bryce/UBfCU05bih/ keyesforsteuben.com/cgi/vnBHCHIlWZx/ manningind.com/eln-images/rx7j2VVFK/ mardigrasslandscaping.com/cgi/w4BV/ mkdevcorp.com/cgi/33HhffLF60pcv/ ronfrankproductions.com/4agreements/trEgS/ topstravel.com/VPImages/dPW/ urieprocor.com/cgi/m2m7z88gOsNceL/ /4agreements/trEgS/ /Bryce/UBfCU05bih/ /VPImages/dPW/ /cgi/33HhffLF60pcv/ /cgi/6g0pcvCOYPZYn/ /cgi/6hoBPCb3E/ /cgi/m2m7z88gOsNceL/ /cgi/vnBHCHIlWZx/ /cgi/w4BV/ /counter/3OkjcVmCPdokTG/ /eln-images/T6yB/ /eln-images/rx7j2VVFK/ /eln-images/xaTiPeapzK/ /33HhffLF60pcv/ /3OkjcVmCPdokTG/ /6g0pcvCOYPZYn/ /6hoBPCb3E/ /UBfCU05bih/ /m2m7z88gOsNceL/ /rx7j2VVFK/ /vnBHCHIlWZx/ /xaTiPeapzK/ # Reference: https://twitter.com/Max_Mal_/status/1490985607191232516 annefront.com/eln-images/gANlH/ boamorph.com/cgi/hTa5ip96VSdNjX/ chpopesco.com/Gallery/wPY7j2SE5MIv/ hollywoodvisual.com/eln-images/HIWl5z/ marcowine.com/Images/SLlwnvS7Uxnymm/ marezdecor.com/MarezGallery/sEQxWTpMJ7A8rAtY0D/ miniflam.com/eln-images/fSwbQjUMAfGxgdw/ modsociete.com/cgi/qtAP/ realacorp.net/PhotoGallery/UwmRHceSGbaCeGF/ rogerschultz.com/eln-images/u0vT/ /Gallery/wPY7j2SE5MIv/ /Images/SLlwnvS7Uxnymm/ /MarezGallery/sEQxWTpMJ7A8rAtY0D/ /PhotoGallery/UwmRHceSGbaCeGF/ /cgi/hTa5ip96VSdNjX/ /cgi/qtAP/ /eln-images/HIWl5z/ /eln-images/fSwbQjUMAfGxgdw/ /eln-images/gANlH/ /eln-images/u0vT/ /HIWl5z/ 
/SLlwnvS7Uxnymm/ /UwmRHceSGbaCeGF/ /fSwbQjUMAfGxgdw/ /hTa5ip96VSdNjX/ /sEQxWTpMJ7A8rAtY0D/ /wPY7j2SE5MIv/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_08.02.2022.txt 153.126.203.229:8080 31.24.158.56:8080 8.9.11.48:443 bachilleratoporciclos.co/wp-content/PvIIx7/ calad-formation.fr/r3x94z/kgZ9OGCi/ dwwmaster.com/wp-content/ebHTB4UF2/ edu-media.cn/wp-admin/cKi/ formula8020.com/css/56Dzi0P/ fullness-safety.com/-/P6x/ lissbernardin.com/hthjb3i/x9KHpCeYrr/ nabajyotifoundation.com/da8uc7jo/4Za/ pristineservices.findfacts.co.in/cgi-bin/BuLyc2HKLHIQVHQLc/ royalsnackmyanmar.com/wp-includes/GMtz6DxM/ royaltyrealtynsb.com/backup_1/g51THhhLLUqodx6/ rtd.b2bpipe.cn/wp-content/8ESRhIJAIRh/ speedrankingsystem.de/wp-admin/k63ZcimPsE6/ tigela.org.np/wp-content/Irp27O71/ /-/P6x/ /backup_1/g51THhhLLUqodx6/ /cgi-bin/BuLyc2HKLHIQVHQLc/ /css/56Dzi0P/ /da8uc7jo/4Za/ /hthjb3i/x9KHpCeYrr/ /r3x94z/kgZ9OGCi/ /wp-admin/cKi/ /wp-admin/k63ZcimPsE6/ /wp-content/8ESRhIJAIRh/ /wp-content/Irp27O71/ /wp-content/PvIIx7/ /wp-content/ebHTB4UF2/ /wp-includes/GMtz6DxM/ /56Dzi0P/ /8ESRhIJAIRh/ /BuLyc2HKLHIQVHQLc/ /GMtz6DxM/ /Irp27O71/ /PvIIx7/ /da8uc7jo/ /ebHTB4UF2/ /g51THhhLLUqodx6/ /hthjb3i/ /k63ZcimPsE6/ /kgZ9OGCi/ /r3x94z/ /x9KHpCeYrr/ # Reference: https://isc.sans.edu/diary/28318 138.197.64.211:8080 202.29.237.114:8080 # Reference: https://twitter.com/58_158_177_102/status/1491351649662959619 alivesystems.com/eln-images/pm2rSsnVM/ don-lee.com/_notes/U6H14DNA/ hi-techaudio.com/dir2021/g3d/ mellow60s.com/Stanley_files/EFIqwZ183rfmd/ /_notes/U6H14DNA/ /eln-images/pm2rSsnVM/ /Stanley_files/EFIqwZ183rfmd/ /EFIqwZ183rfmd/ /pm2rSsnVM/ /U6H14DNA/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-02-10-IOCs-for-Emotet-epoch5-infection-with-Cobalt-Strike.txt 198.199.126.144:443 comezmuhendislik.com/ljfrmm/VTpHRFWoORAHnRQ3aQL/ fortiuspharma.com/y6krss/EGm347cqj5/ garyjharris.com/cgi-bin/0hH/ golfpia.karmatechmediaworks.com/wp-content/oEicpDnEkk/ 
midnightsilvercrafters.com/store/wBjNOUw/ redington.karmatechmediaworks.com/wp-content/3JVuVx7QUM/ servilogic.net/b/14hqrdyP0Z3WsbQib8/ tempral.com/NATE_05_22_2009/BI710N4cQ6R3/ toto.karmatechmediaworks.com/wp-content/i826vbcVgRJ/ uhc.karmatechmediaworks.com/wp-content/0EqfdeznntlOpaIP2Qv/ vietnam.karmatechmediaworks.com/wp-content/PfSVQagusZy7AaMw/ vinculinc.karmatechmediaworks.com/wp-content/VlcOPPwgidWlXDJNs6/ webmail.glemedical.com/wp-content/J1M2xxodH/ /NATE_05_22_2009/BI710N4cQ6R3/ /b/14hqrdyP0Z3WsbQib8/ /cgi-bin/0hH/ /ljfrmm/VTpHRFWoORAHnRQ3aQL/ /store/wBjNOUw/ /wp-content/0EqfdeznntlOpaIP2Qv/ /wp-content/3JVuVx7QUM/ /wp-content/J1M2xxodH/ /wp-content/PfSVQagusZy7AaMw/ /wp-content/VlcOPPwgidWlXDJNs6/ /wp-content/i826vbcVgRJ/ /wp-content/oEicpDnEkk/ /y6krss/EGm347cqj5/ /0EqfdeznntlOpaIP2Qv/ /14hqrdyP0Z3WsbQib8/ /3JVuVx7QUM/ /BI710N4cQ6R3/ /EGm347cqj5/ /J1M2xxodH/ /NATE_05_22_2009/ /PfSVQagusZy7AaMw/ /VTpHRFWoORAHnRQ3aQL/ /VlcOPPwgidWlXDJNs6/ /i826vbcVgRJ/ /ljfrmm/ /oEicpDnEkk/ /wBjNOUw/ /y6krss/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_11.02.2022.txt 185.248.140.40:443 203.114.109.124:443 clairemauer.com/wp-admin/vXjSf8tAAMLwwWh3/ hillyerassociates.com/cgi/qQV/ idesign-bruceberman.com/cgi/m7CP7jP7DPkcy/ internationalstrategy.org/cgi/VT7we3QHAboswHu2ff/ joncicchettilandscapearchitect.com/eln-images/welcome/Pkoh97H/ oakcourtpress.com/Guest/M/ piedpiperdesigns.com/OLDSITE-DEC-2006/0OxPcj5Sjk/ robevansphotography.com/cgi/vNM8Ufvon3js/ roketscience.com/cgi/qpTxCZiW0HqynNH//7RFeiqkgymCs/ tonysommers.net/eln-images/BowlvMV7raSyx8l/ triangle-associates.com/ESW/Styles/yEHM2ir/ ttisecurity.com/cgi/7RFeiqkgymCs/ /ESW/Styles/ /Guest/M/ /OLDSITE-DEC-2006/0OxPcj5Sjk/ /cgi/7RFeiqkgymCs/ /cgi/VT7we3QHAboswHu2ff/ /cgi/m7CP7jP7DPkcy/ /cgi/qQV/ /cgi/qpTxCZiW0HqynNH/ /cgi/vNM8Ufvon3js/ /eln-images/BowlvMV7raSyx8l/ /eln-images/welcome/ /wp-admin/vXjSf8tAAMLwwWh3/ /0OxPcj5Sjk/ /7RFeiqkgymCs/ /BowlvMV7raSyx8l/ /OLDSITE-DEC-2006/ /VT7we3QHAboswHu2ff/ 
/m7CP7jP7DPkcy/ /qpTxCZiW0HqynNH/ /vNM8Ufvon3js/ /vXjSf8tAAMLwwWh3/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_09.02.2022.txt dadsgetinthegame.com/eln-images/tAAUG/ framemakers.us/eln-images/U5W2IGE9m8i9h9r/ missionnyc.org/fonts/JO5/ mpmcomputing.com/fonts/fJJrjqpIY3Bt3Q/ niplaw.com/asolidfoundation/yCE9/ robertflood.us/eln-images/DGI2YOkSc99XPO/ robertmchilespe.com/cgi/3f/ rosevideo.net/eln-images/EjdCoMlY8Gy/ rosewoodcraft.com/Merchant2/5.00/PGqX/ smbservices.net/cgi/JO01ckuwd/ stkpointers.com/eln-images/D/ vbaint.com/eln-images/H2pPGte8XzENC/ vocoptions.net/cgi/ifM9R5ylbVpM8hfR/ youlanda.org/eln-images/n8DPZISf/ /asolidfoundation/yCE9/ /cgi/JO01ckuwd/ /cgi/ifM9R5ylbVpM8hfR/ /eln-images/DGI2YOkSc99XPO/ /eln-images/EjdCoMlY8Gy/ /eln-images/H2pPGte8XzENC/ /eln-images/U5W2IGE9m8i9h9r/ /eln-images/n8DPZISf/ /eln-images/tAAUG/ /fonts/fJJrjqpIY3Bt3Q/ /DGI2YOkSc99XPO/ /EjdCoMlY8Gy/ /H2pPGte8XzENC/ /JO01ckuwd/ /U5W2IGE9m8i9h9r/ /fJJrjqpIY3Bt3Q/ /ifM9R5ylbVpM8hfR/ /n8DPZISf/ /tAAUG/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_09.02.2022.txt alivesystems.com/eln-images/pm2rSsnVM/ consciences.center/wp-includes/SkW2w/ creedmoorpartners.com/eln-images/wEYKd5KJZETheBswq/ don-lee.com/_notes/U6H14DNA/ hi-techaudio.com/dir2021/g3d/ homehandyworks.com/eln-images/xFIDPfs4SS1yw7ghXXk/ lost-earth.com/Black_and_White/ZW4rHEdD1vZX/ mag-designs.com/css/L3QKlr6iTzILVzbnC/ mattersoffact.com/cgi/E0C1vtSqt/ mellow60s.com/Stanley_files/EFIqwZ183rfmd/ pro-ficientllc.com/PDF_files/5A9W8/ pureplatinumband.com/Schedule/EW24AYJCvBpN8Gc/ roderickpowellentertainment.com/eln-images/OVOyN3y9/ /Black_and_White/ZW4rHEdD1vZX/ /PDF_files/5A9W8/ /Schedule/EW24AYJCvBpN8Gc/ /Stanley_files/EFIqwZ183rfmd/ /_notes/U6H14DNA/ /cgi/E0C1vtSqt/ /css/L3QKlr6iTzILVzbnC/ /dir2021/g3d/ /eln-images/OVOyN3y9/ /eln-images/pm2rSsnVM/ /eln-images/wEYKd5KJZETheBswq/ /eln-images/xFIDPfs4SS1yw7ghXXk/ /wp-includes/SkW2w/ /5A9W8/ /E0C1vtSqt/ /EFIqwZ183rfmd/ /EW24AYJCvBpN8Gc/ 
/L3QKlr6iTzILVzbnC/ /OVOyN3y9/ /SkW2w/ /U6H14DNA/ /ZW4rHEdD1vZX/ /pm2rSsnVM/ /wEYKd5KJZETheBswq/ /xFIDPfs4SS1yw7ghXXk/ # Reference: https://www.virustotal.com/gui/file/0633019e5eec5f2411498a8c1fb0404c39af1ddc80675accb4cd0428af676383/detection # Reference: https://www.virustotal.com/gui/file/adbb3ecd9f25ed93e82b54c8e33ab48cd8367306bab18f955e77c8977f012a7a/detection # Reference: https://www.virustotal.com/gui/file/a99169c0c4cd0aae9f820e42d34b687a46c45cfc8315a6fd5e011852fa150f69/detection # Reference: https://www.virustotal.com/gui/file/93a581ab0f18f2032170c770692ebfd739338f25a5a0ae967ccffcf56edf9127/detection # Reference: https://www.virustotal.com/gui/file/801858246d64e2d7d45a3b01068f4aedc5d1a12278763a64a2c07b8f6bfa2598/detection painelcs.duckdns.org /dotms_8/OUIDmYHQiEj.dotm /dotms_8/ /DomOnPQPslJyYNqj.dotm /eSqpvxVWiQOlLamn.dotm /OUIDmYHQiEj.dotm /yrKhfrbXXji.dotm /zwNcWaUPHZI.dotm # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_22.02.2022.txt 103.134.85.85:80 156.67.219.84:7080 175.107.196.192:80 50.30.40.196:8080 1566xueshe.com/wp-includes/z92ZVqHH8/ actividades.laforetlanguages.com/wp-admin/dU8Ds/ ama.cu/jpr/VVP/ dwwmaster.com/wp-content/1sR2HfFxQnkWuu/ edu-media.cn/wp-admin/0JAE/ iacademygroup.cl/office/G42LJPLkl/ mtc.joburg.org.za/-/GBGJeFxXWlNbABv2/ mymicrogreen.mightcode.com/Fox-C/NWssAbNOJDxhs/ o2omart.co.in/infructuose/m4mgt2MeU/ wearsweetbomb.com/wp-content/15zZybP1EXttxDK4JH/ znzhou.top/mode/0Qb/ /-/GBGJeFxXWlNbABv2/ /Fox-C/NWssAbNOJDxhs/ /infructuose/m4mgt2MeU/ /office/G42LJPLkl/ /wp-admin/0JAE/ /wp-admin/dU8Ds/ /wp-content/15zZybP1EXttxDK4JH/ /wp-content/1sR2HfFxQnkWuu/ /wp-includes/z92ZVqHH8/ /15zZybP1EXttxDK4JH/ /1sR2HfFxQnkWuu/ /G42LJPLkl/ /GBGJeFxXWlNbABv2/ /NWssAbNOJDxhs/ /m4mgt2MeU/ /z92ZVqHH8/ # Reference: https://www.virustotal.com/gui/file/1ab2f31fb0b73d7c82f3bf340a1dcbf80e5b0855ffe0d8052a74154656dd18f7/detection 175.107.196.192:443 # Reference: https://tria.ge/220223-shbgesbhcj 27.254.174.84:8080 45.71.195.104:8080 
61.7.231.226:443 61.7.231.229:443 68.183.93.250:443 93.104.209.107:8080 # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_23.02.2022.txt lydt.cc animalsandusfujairah.com/wp-admin/JWO58zeUOwSI/ dalgahavuzu.com/pwkfky/LF0WU/ dmdagents.com.au/vqwbgz/CL4Bo4C4VS0deg/ dolphinsupremehavuzrobotu.com/yrrct/QcbxhqCQ/ dolphinwavehavuzrobotu.com/wp-includes/RmCbvIKjjtlB3tabyPo/ duvarkagitlarimodelleri.com/42hhp/gZXakh7/ gmo-sol-10.heteml.jp/includes/UoJMgYAc1EES/ gmo-sol-p10.heteml.jp/includes/UoJMgYAc1EES/ havuzkaydiraklari.com/wp-includes/YqYdLFA/ iashanghai.cn/z/Z1PG6ulBh20plss/ isguvenligiburada.com/xcg/uZSU/ kinetekturk.com/e2ea69p/9U52O7jTobF8J/ littlesweet.co.uk/wp-admin/vko/ lpm.fk.ub.ac.id/Fox-C/faKwS6p6/ lydt.cc/wp-includes/6sfYo/ pasionportufuturo.pe/wp-content/HkUfvw0xuCy5/ sandiegoinsuranceagents.com/cgi-bin/XK1VSXZddLdN/ servidorcarlosydavid.es/wp-admin/jkNPgHxNjF/ stratuswebsolutions.co.nz/wp-content/wyEEj5jH8xq50rp1/ swaong.com/assets/VV4/ vipwatchpay.com/Isoetales/5wy8L0TQ1xCZEr/ wvfsbrasil.com.br/Acrasieae/LIYNOqCthfZuCWQz3/ /42hhp/gZXakh7/ /Acrasieae/LIYNOqCthfZuCWQz3/ /Fox-C/faKwS6p6/ /Isoetales/5wy8L0TQ1xCZEr/ /cgi-bin/XK1VSXZddLdN/ /e2ea69p/9U52O7jTobF8J/ /includes/UoJMgYAc1EES/ /pwkfky/LF0WU/ /vqwbgz/CL4Bo4C4VS0deg/ /wp-admin/JWO58zeUOwSI/ /wp-admin/jkNPgHxNjF/ /wp-admin/vko/ /wp-content/HkUfvw0xuCy5/ /wp-content/wyEEj5jH8xq50rp1/ /wp-includes/6sfYo/ /wp-includes/RmCbvIKjjtlB3tabyPo/ /wp-includes/YqYdLFA/ /yrrct/QcbxhqCQ/ /z/Z1PG6ulBh20plss/ /5wy8L0TQ1xCZEr/ /6sfYo/ /9U52O7jTobF8J/ /CL4Bo4C4VS0deg/ /HkUfvw0xuCy5/ /JWO58zeUOwSI/ /LF0WU/ /LIYNOqCthfZuCWQz3/ /pwkfky/ /QcbxhqCQ/ /RmCbvIKjjtlB3tabyPo/ /UoJMgYAc1EES/ /XK1VSXZddLdN/ /YqYdLFA/ /Z1PG6ulBh20plss/ /faKwS6p6/ /gZXakh7/ /jkNPgHxNjF/ /wyEEj5jH8xq50rp1/ # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-02-26_Emotet_DownloadURLs http://192.99.237.111 http://198.50.143.158 http://47.244.189.73 http://68.183.232.164 1566xueshe.com/wp-includes/z92ZVqHH8/
actividades.laforetlanguages.com/wp-admin/dU8Ds/ ajaxmatters.com/c7g8t/zbBYgukXYxzAF2hZc/ akhrailway.com/cgi-bin/b5c9CX4IK2GgN6C/ ama.cu/jpr/00YpKFEZ/ ama.cu/jpr/VVP/ appyhorsey.com/FeedBack/adJcH8XSC66hKK/ barnhart-studios.com/eln-images/Vghg1n/ beholdpublications.com/home/BABxyyWZx8Vu/ bimbeladzkia.com/1600-arrow/njvK9lEVwMfxQyw/ boamorph.com/cgi/hTa5ip96VSdNjX/ boardingschoolsoftware.com/backup/VC7WK/ cairm.xyz/backup_1/mQPAhJhpV/ carretilha.net/whats/qZ7jacauUIqEBtnUm/ centrobilinguelospinos.com/wp-admin/AivCY/ chastongroditski.com/eln-images/skSsCLJtI24kZvo/ chpopesco.com/Gallery/wPY7j2SE5MIv/ cksacoustics.com/wp-includes/bQ1/ cmbavocat.fr/wp-admin/uKCcU1bqvbSvE/ crm.avionxpress.com/media/H4fjpmz/ danahousecare.com/wp-content/cache/nAZV1f5Bh9CFmBtl2J/ dehraduncabs.com/wp-includes/9xqp/ dev.subs2me.com/wp-includes/EMa/ distribucionespariente.com/wp-includes/YHQ1W1R2iSznft2vO/ docs-construction.com/wp-admin/a0mJP2Adw5YTHt/ docs-construction.com/wp-admin/jDDqg/ dolphinsupremehavuzrobotu.com/yrrct/QcbxhqCQ/ dolphinwavehavuzrobotu.com/wp-includes/RmCbvIKjjtlB3tabyPo/ duvarkagitlarimodelleri.com/42hhp/gZXakh7/ dwwmaster.com/wp-content/1sR2HfFxQnkWuu/ dwwmaster.com/wp-content/W7XGpodRs5kYvnV/ dwwmaster.com/wp-content/ebHTB4UF2/ edu-media.cn/wp-admin/0JAE/ edu-media.cn/wp-admin/cKi/ environmentalaw.com/cgi/Qb/ estesgroup.net/New-site-25062021/UkQPppHG9pLNE/ explorationit.com/screwing/AxLm/ filecabinet.digitalechoes.co.uk/wp-admin/NC/ fortiuspharma.com/y6krss/EGm347cqj5/ framemakers.us/eln-images/U5W2IGE9m8i9h9r/ fraudaware.org.uk/wp-admin/UPeayYdSM/ gmo-sol-p10.heteml.jp/includes/UoJMgYAc1EES/ gocut.com/eln-images/cAw7Uw2w/ goncalves.com/counter/3OkjcVmCPdokTG/ grimmcm.com/cgi/6hoBPCb3E/ havuzkaydiraklari.com/wp-includes/YqYdLFA/ hcci.worldofss.com/fold-vhdl/CnBgXD/ howebeautiful.com/eln-images/tyj208/ iacademygroup.cl/office/G42LJPLkl/ iashanghai.cn/z/Z1PG6ulBh20plss/ id-tiara.com/well-known/2FC/ id-tiara.com/well-known/AW7ddGt/ 
idesign-bruceberman.com/cgi/m7CP7jP7DPkcy/ idvlab.com.br/wp-admin/FIWBL/ imprecof.com/i/QPWeAg0C1hh/ ineslebuhan.com/wp-includes/7dLR8UB3RFfSHd4cZN/ institutionsevigne.org/wp-includes/pvDqUHqjYEqoQ6R/ isatechnology.com/training/49zvkrPOeNa346BZfzRNtmmpCNcRmGQHwN9bDIZ7aqABWR/ isguvenligiburada.com/xcg/uZSU/ jkonderhoud.nl/wp-content/6of/ k7tgu.com/Bryce/UBfCU05bih/ karmapedia.com/wp-includes/edvf/ keyesforsteuben.com/cgi/vnBHCHIlWZx/ levohistam.com/wp-admin/VdXm/ lpm.fk.ub.ac.id/Fox-C/faKwS6p6/ lucacerullo.com/wp-admin/sZ7Sw/ lydt.cc/wp-includes/6sfYo/ makspeedtech.com/cgi-bin/6BuOTbA/ marcowine.com/Images/SLlwnvS7Uxnymm/ mariemont.edu.co/wp-admin/i8Lqty/ marineboyrecords.com/font-awesome/QBBByHDDYl0slxlQ/ marineboyrecords.com/font-awesome/t37LOj/ mbahauddin.com/v/2horjuyP/ mcjalandhar.in/1950-kill/BMoLHJM4g/ meridianites.com/cgi/pBoGxZ9igKZKn/ miniflam.com/eln-images/fSwbQjUMAfGxgdw/ mtc.joburg.org.za/-/GBGJeFxXWlNbABv2/ mymicrogreen.mightcode.com/Fox-C/NWssAbNOJDxhs/ narsanat.com/banner/TnIhz/ newmainghantabazar.com/wp-includes/tyiPqbUMvMq79yMyM8E/ nuugebeya.com/wp-content/LqCYYSBQ/ old.liceum9.ru/images/images/NKeRl/ on-lineventures.com/cgi/ks0Mp/ orbdyn.com/eln-images/72ua/ pasionportufuturo.pe/wp-content/HkUfvw0xuCy5/ patriciamirapsicologa.com/wp-includes/fVVa9DXB/ pouget-malescours.fr/wp-content/1oyGiKJgrGOQE/ qqziyuanwang.com/wp-includes/KtXrm5GwJ/ qqziyuanwang.com/wp-includes/Tad/ realitevirtuelleguadeloupe.com/warp-visa/xogkV/ robointeligentedecomentarios.com/wp-includes/YBS9a02Y68auiEdP/ rtd.b2bpipe.cn/wp-content/8ESRhIJAIRh/ schildersbedrijfdsdevos.nl/wp-content/ItnBDmJay1Udk/ seacupps.com/eln-images/AYvykzg/ shadesofask.com/10000-ncsa/iwqc/ shrinandrajoverseas.com/old/DKrM3rb3YibtEJUVmvS/ simulateur.olsenandg.com/macd-10gbe/55vS6Mo8YYii/ skyridgedesigns.com/eln-images/38pr2cu3xt2Ai/ sleepstarlite-ozark.com/batesville/UjX/ stavki-na-sporte.ru/wp-content/qZ9UqoY2IzXUAqW3/ swaong.com/assets/VV4/ swaong.com/b/SVSAPzeDU657xJdmJv/ 
swaong.com/wp-admin/k9Db4Vjafnk/ tainformado.com.br/wp-content/0Ysot/ thecanadianarab.com/wp-content/VJ/ towardsun.net/admin/O29Fja/ vanessanascimento.com.br/auren-xbox/cDD2dfW/ vasilestudio.com/wp-admin/pZ1vbd5Z/ vasilestudio.com/wp-admin/vh8oEprCE3/ vendedoramigo.com.br/wp-admin/tfQwLyk4/ vipwatchpay.com/Isoetales/5wy8L0TQ1xCZEr/ vocoptions.net/cgi/ifM9R5ylbVpM8hfR/ vrstar-park.com/wp-includes/0bAm9feNorwTmVrj/ wearsweetbomb.com/wp-content/15zZybP1EXttxDK4JH/ webnatico.com/wp-content/upgrade/0MX2VOYxID/ wencollection.com/wp-admin/pY6t2bVC0QWEpk7Q/ wvfsbrasil.com.br/Acrasieae/LIYNOqCthfZuCWQz3/ xn--t60b69m1ey68a22oyvh.com/wp-content/Ie0/ yanapiri.com/upeatv/9IZP9RfbH338pFPI/ yatrataxi.com/wp-content/X4Ce/ york-show.ru/Kennedya/nmKdRgc70/ znzhou.top/mode/0Qb/ /10000-ncsa/iwqc/ /1600-arrow/njvK9lEVwMfxQyw/ /1950-kill/BMoLHJM4g/ /42hhp/gZXakh7/ /Acrasieae/LIYNOqCthfZuCWQz3/ /Bryce/UBfCU05bih/ /FeedBack/adJcH8XSC66hKK/ /Fox-C/NWssAbNOJDxhs/ /Fox-C/faKwS6p6/ /Gallery/wPY7j2SE5MIv/ /Images/SLlwnvS7Uxnymm/ /Isoetales/5wy8L0TQ1xCZEr/ /Kennedya/nmKdRgc70/ /New-site-25062021/UkQPppHG9pLNE/ /admin/O29Fja/ /assets/VV4/ /auren-xbox/cDD2dfW/ /b/SVSAPzeDU657xJdmJv/ /backup/VC7WK/ /backup_1/mQPAhJhpV/ /banner/TnIhz/ /batesville/UjX/ /c7g8t/zbBYgukXYxzAF2hZc/ /cgi-bin/6BuOTbA/ /cgi-bin/PsABe8gznY/ /cgi-bin/b5c9CX4IK2GgN6C/ /cgi/6hoBPCb3E/ /cgi/Qb/ /cgi/hTa5ip96VSdNjX/ /cgi/ifM9R5ylbVpM8hfR/ /cgi/ks0Mp/ /cgi/m7CP7jP7DPkcy/ /cgi/pBoGxZ9igKZKn/ /cgi/vnBHCHIlWZx/ /counter/3OkjcVmCPdokTG/ /eln-images/38pr2cu3xt2Ai/ /eln-images/72ua/ /eln-images/AYvykzg/ /eln-images/U5W2IGE9m8i9h9r/ /eln-images/Vghg1n/ /eln-images/cAw7Uw2w/ /eln-images/fSwbQjUMAfGxgdw/ /eln-images/skSsCLJtI24kZvo/ /eln-images/tyj208/ /fold-vhdl/CnBgXD/ /font-awesome/QBBByHDDYl0slxlQ/ /font-awesome/t37LOj/ /home/BABxyyWZx8Vu/ /i/QPWeAg0C1hh/ /includes/UoJMgYAc1EES/ /jpr/00YpKFEZ/ /jpr/VVP/ /macd-10gbe/55vS6Mo8YYii/ /media/H4fjpmz/ /mode/0Qb/ /office/G42LJPLkl/ /old/DKrM3rb3YibtEJUVmvS/ /screwing/AxLm/ 
/training/49zvkrPOeNa346BZfzRNtmmpCNcRmGQHwN9bDIZ7aqABWR/ /upeatv/9IZP9RfbH338pFPI/ /v/2horjuyP/ /warp-visa/xogkV/ /well-known/2FC/ /well-known/AW7ddGt/ /well-known/cwxgmEZsYIT/ /whats/qZ7jacauUIqEBtnUm/ /wp-admin/0JAE/ /wp-admin/AivCY/ /wp-admin/FIWBL/ /wp-admin/NC/ /wp-admin/PnJY1/ /wp-admin/UPeayYdSM/ /wp-admin/VdXm/ /wp-admin/a0mJP2Adw5YTHt/ /wp-admin/cKi/ /wp-admin/dU8Ds/ /wp-admin/i8Lqty/ /wp-admin/jDDqg/ /wp-admin/k9Db4Vjafnk/ /wp-admin/pY6t2bVC0QWEpk7Q/ /wp-admin/pZ1vbd5Z/ /wp-admin/sZ7Sw/ /wp-admin/tfQwLyk4/ /wp-admin/uKCcU1bqvbSvE/ /wp-admin/vh8oEprCE3/ /wp-content/0Ysot/ /wp-content/15zZybP1EXttxDK4JH/ /wp-content/1oyGiKJgrGOQE/ /wp-content/1sR2HfFxQnkWuu/ /wp-content/6of/ /wp-content/8ESRhIJAIRh/ /wp-content/HkUfvw0xuCy5/ /wp-content/Ie0/ /wp-content/ItnBDmJay1Udk/ /wp-content/LqCYYSBQ/ /wp-content/VJ/ /wp-content/W7XGpodRs5kYvnV/ /wp-content/X4Ce/ /wp-content/ebHTB4UF2/ /wp-content/qZ9UqoY2IzXUAqW3/ /wp-includes/0bAm9feNorwTmVrj/ /wp-includes/6sfYo/ /wp-includes/7dLR8UB3RFfSHd4cZN/ /wp-includes/9xqp/ /wp-includes/EMa/ /wp-includes/KtXrm5GwJ/ /wp-includes/RmCbvIKjjtlB3tabyPo/ /wp-includes/Tad/ /wp-includes/Vyj7l35iCeCAT/ /wp-includes/YBS9a02Y68auiEdP/ /wp-includes/YHQ1W1R2iSznft2vO/ /wp-includes/YqYdLFA/ /wp-includes/bQ1/ /wp-includes/edvf/ /wp-includes/fVVa9DXB/ /wp-includes/pvDqUHqjYEqoQ6R/ /wp-includes/tyiPqbUMvMq79yMyM8E/ /wp-includes/z92ZVqHH8/ /xcg/uZSU/ /y6krss/EGm347cqj5/ /yrrct/QcbxhqCQ/ /z/Z1PG6ulBh20plss/ /00YpKFEZ/ /0Ysot/ /0bAm9feNorwTmVrj/ /15zZybP1EXttxDK4JH/ /1oyGiKJgrGOQE/ /1sR2HfFxQnkWuu/ /2horjuyP/ /38pr2cu3xt2Ai/ /3OkjcVmCPdokTG/ /49zvkrPOeNa346BZfzRNtmmpCNcRmGQHwN9bDIZ7aqABWR/ /55vS6Mo8YYii/ /5wy8L0TQ1xCZEr/ /6BuOTbA/ /6hoBPCb3E/ /6sfYo/ /7dLR8UB3RFfSHd4cZN/ /8ESRhIJAIRh/ /9IZP9RfbH338pFPI/ /9xqp/ /AW7ddGt/ /AYvykzg/ /AivCY/ /AxLm/ /BABxyyWZx8Vu/ /BMoLHJM4g/ /CnBgXD/ /DKrM3rb3YibtEJUVmvS/ /EGm347cqj5/ /FIWBL/ /G42LJPLkl/ /H4fjpmz/ /HkUfvw0xuCy5/ /ItnBDmJay1Udk/ /KtXrm5GwJ/ /LIYNOqCthfZuCWQz3/ /LqCYYSBQ/ /NWssAbNOJDxhs/ /O29Fja/ 
/PnJY1/ /PsABe8gznY/ /QBBByHDDYl0slxlQ/ /QPWeAg0C1hh/ /QcbxhqCQ/ /RmCbvIKjjtlB3tabyPo/ /SLlwnvS7Uxnymm/ /SVSAPzeDU657xJdmJv/ /TnIhz/ /U5W2IGE9m8i9h9r/ /UBfCU05bih/ /UPeayYdSM/ /UkQPppHG9pLNE/ /UoJMgYAc1EES/ /Vghg1n/ /Vyj7l35iCeCAT/ /W7XGpodRs5kYvnV/ /YBS9a02Y68auiEdP/ /YHQ1W1R2iSznft2vO/ /YqYdLFA/ /Z1PG6ulBh20plss/ /a0mJP2Adw5YTHt/ /adJcH8XSC66hKK/ /b5c9CX4IK2GgN6C/ /cAw7Uw2w/ /cDD2dfW/ /cwxgmEZsYIT/ /dU8Ds/ /ebHTB4UF2/ /fSwbQjUMAfGxgdw/ /fVVa9DXB/ /faKwS6p6/ /gZXakh7/ /hTa5ip96VSdNjX/ /i8Lqty/ /ifM9R5ylbVpM8hfR/ /jDDqg/ /k9Db4Vjafnk/ /ks0Mp/ /m7CP7jP7DPkcy/ /mQPAhJhpV/ /njvK9lEVwMfxQyw/ /nmKdRgc70/ /pBoGxZ9igKZKn/ /pY6t2bVC0QWEpk7Q/ /pZ1vbd5Z/ /pvDqUHqjYEqoQ6R/ /qZ7jacauUIqEBtnUm/ /qZ9UqoY2IzXUAqW3/ /sZ7Sw/ /skSsCLJtI24kZvo/ /t37LOj/ /tfQwLyk4/ /tyiPqbUMvMq79yMyM8E/ /tyj208/ /uKCcU1bqvbSvE/ /vh8oEprCE3/ /vnBHCHIlWZx/ /wPY7j2SE5MIv/ /xogkV/ /z92ZVqHH8/ /zbBYgukXYxzAF2hZc/ # Reference: https://twitter.com/K_N1kolenko/status/1498528276574314496 kingspointresidence.com/camelia-diamond_/G/ rockadile.nl/blogs/36DlPQKwRR1vOFQR/ santacruzam.com/wp-admin/FeDgNEP/ thearkrealmproject.com/wp-admin/wxB4Wp3KyEMCsZva/ /blogs/36DlPQKwRR1vOFQR/ /camelia-diamond_/G/ /wp-admin/FeDgNEP/ /wp-admin/wxB4Wp3KyEMCsZva/ /36DlPQKwRR1vOFQR/ /FeDgNEP/ /wxB4Wp3KyEMCsZva/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-01-IOCs-for-Emotet-epoch4-with-Cobalt-Strike.txt 134.209.156.68:443 147.139.134.226:443 209.15.236.39:8080 dbmtechnologies.ca/wp-content/oZE7jRqRoPg7zVVW9/ diacrestgroup.com/ggv3rjy/9/ mayatherm.com/vendor/3Vk/ merturku.com/blogs/IFcif/ winnieswondersaviary.com/wp-content/GfGvSMj6HihGNZZa9T/ /blogs/IFcif/ /ggv3rjy/9/ /wp-content/GfGvSMj6HihGNZZa9T/ /wp-content/oZE7jRqRoPg7zVVW9/ /GfGvSMj6HihGNZZa9T/ /ggv3rjy/ /IFcif/ /oZE7jRqRoPg7zVVW9/ # Reference: https://twitter.com/JAMESWT_MHT/status/1498594562272546818 87.106.97.83:7080 updatesgarmin.com/c/X5oK7bz/ /c/X5oK7bz/ /X5oK7bz/ # Reference: 
https://github.com/pan-unit42/tweets/blob/master/2022-03-03-IOCs-for-Emotet-epoch4-with-Cobalt-Strike.txt 139.180.205.161:443 195.154.253.60:8080 217.79.180.211:8080 piajimenez.com/Fox-C/dS4nv3spYd0DZsnwLqov/ inopra.com/wp-includes/3zGnQGNCvIKuvrO7T/ biomedicalpharmaegypt.com/sapbush/BKEaVq1zoyJssmUoe/ getlivetext.com/Pectinacea/AL5FVpjleCW/ janshabd.com/Zgye2/ justforanime.com/stratose/PonwPXCl/ /Fox-C/dS4nv3spYd0DZsnwLqov/ /Pectinacea/AL5FVpjleCW/ /sapbush/BKEaVq1zoyJssmUoe/ /stratose/PonwPXCl/ /wp-includes/3zGnQGNCvIKuvrO7T/ /3zGnQGNCvIKuvrO7T/ /AL5FVpjleCW/ /BKEaVq1zoyJssmUoe/ /dS4nv3spYd0DZsnwLqov/ /PonwPXCl/ # Reference: https://tria.ge/220307-mxtzesgdbj 103.42.58.120:7080 168.119.39.118:443 186.250.48.5:80 51.75.33.122:443 amorespasalon.com/wp-admin/ZsK0FbGGLqNpmzL/ janshabd.com/E33ZFv/ /wp-admin/ZsK0FbGGLqNpmzL/ /E33ZFv/ /ZsK0FbGGLqNpmzL/ # Reference: https://tria.ge/220307-mkg44agbel vrstar-park.com/wp-includes/N8807S9/ /wp-includes/N8807S9/ # Reference: https://twitter.com/Max_Mal_/status/1501236702861475843 146.59.226.45:443 146.59.226.45:8080 162.214.118.104:443 162.214.118.104:8080 185.4.135.27:443 185.4.135.27:8080 217.182.143.248:443 217.182.143.248:8080 # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_08.03.2022.txt agnesleung.com/raw.backup/p8D6ttXDaNwd/ agretto.com/Template/pnM0iPs4b2IfR7XY7v/ gsmjordan.com/SupplierPanel/XII/ moveit.savvyint.com/config/DsfssbO7BYG/ pakistannakliye.com/Dodonian/tSasxFCiQXxh5Qvin/ retailhpsinterview.com/search/yNbsL/ schwizer.net/styled/D0MG/ shabeerpv.atwebpages.com/css/ww6if1YAsMpjpuGz/ shimal.atwebpages.com/wp-content/xkaRkHr/ sociallysavvyseo.com/PinnacleDynamicServices/pRlYMzvfuu5B/ suleyera.com/components/CNGhltc5v2K6/ wellnessonus.com/wp-admin/OFq5F8Y/ xnxx.c1.biz/images/iJNVpahOW4CBuidDD66/ /Dodonian/tSasxFCiQXxh5Qvin/ /PinnacleDynamicServices/pRlYMzvfuu5B/ /SupplierPanel/XII/ /Template/pnM0iPs4b2IfR7XY7v/ /components/CNGhltc5v2K6/ /config/DsfssbO7BYG/ /css/ww6if1YAsMpjpuGz/ 
/images/iJNVpahOW4CBuidDD66/ /raw.backup/p8D6ttXDaNwd/ /search/yNbsL/ /styled/D0MG/ /wp-admin/OFq5F8Y/ /wp-content/xkaRkHr/ /tSasxFCiQXxh5Qvin/ /pRlYMzvfuu5B/ /pnM0iPs4b2IfR7XY7v/ /CNGhltc5v2K6/ /DsfssbO7BYG/ /ww6if1YAsMpjpuGz/ /iJNVpahOW4CBuidDD66/ /p8D6ttXDaNwd/ /OFq5F8Y/ /xkaRkHr/ # Reference: https://tria.ge/220314-jw93gafgcn a-u-s.it/qLoyJJFV0q6Z2i/ activ-shoes.ro/wp-includes/7Ob1hpWvAnpR2fK4/ actwell.fr/logs/g2xyR/ afrivac.org/css/sZqqu3mYVHFK/ aservon.com/css/DhaDF9VHoru7/ getlivetext.com/wp-admin/6ZsANn00/ hih7.com/wp-admin/nX8WbaRCZVyVXi/ /css/DhaDF9VHoru7/ /css/sZqqu3mYVHFK/ /logs/g2xyR/ /wp-admin/6ZsANn00/ /wp-admin/nX8WbaRCZVyVXi/ /wp-includes/7Ob1hpWvAnpR2fK4/ /6ZsANn00/ /7Ob1hpWvAnpR2fK4/ /DhaDF9VHoru7/ /nX8WbaRCZVyVXi/ /qLoyJJFV0q6Z2i/ /sZqqu3mYVHFK/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_14.03.2022.txt 1.234.2.232:8080 103.221.221.247:8080 151.106.112.196:8080 153.126.146.25:7080 159.65.88.10:8080 176.56.128.118:443 177.87.70.10:8080 185.8.212.130:7080 186.250.48.117:7080 188.44.20.25:443 189.126.111.200:7080 196.218.30.83:443 197.242.150.244:8080 209.126.98.206:8080 5.9.116.246:8080 51.91.7.5:8080 thesparklezbox.com/wp-admin/kFkWN/ herbtytox.com/wp-admin/dq/ asyadegirmen.com/Template/nEMRY55nQgF/ westthamesphysio.com/blog/D8AAkEyZ7u/ adcreators.com.au/adcreators-edm/RDk3LtiwMkuDQy/ nipunpharmaskill.com/css/xm17DssGXjChcmm/ afyonmagazin.com/wp-content/DcnLRE/ /wp-admin/kFkWN/ /wp-admin/dq/ /Template/nEMRY55nQgF/ /blog/D8AAkEyZ7u/ /adcreators-edm/RDk3LtiwMkuDQy/ /css/xm17DssGXjChcmm/ /wp-content/DcnLRE/ /D8AAkEyZ7u/ /DcnLRE/ /nEMRY55nQgF/ /RDk3LtiwMkuDQy/ /xm17DssGXjChcmm/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-14-IOCs-from-Emotet-epoch5-with-Cobalt-Strike.txt 68.183.62.61:8080 aaticd.co.za/wp-content/6JENALSdgs0RAPqV20z/ abildtrup.eu/wordpress/H0uDBpR/ actua.dk/res/EaoItn4LAZOeLFrFL/ aesiafrique.com/azerty/iTbkP5mpqK/ praachichemfood.com/wp-content/lcT43/ 
support.techopesolutions.com/application/zTAIK6GZ8I6zSLk/ vulkanvegasbonus.jeunete.com/wp-content/vsQ3Jp0XRqEqsVu/ /application/zTAIK6GZ8I6zSLk/ /azerty/iTbkP5mpqK/ /res/EaoItn4LAZOeLFrFL/ /wordpress/H0uDBpR/ /wp-content/6JENALSdgs0RAPqV20z/ /wp-content/lcT43/ /wp-content/vsQ3Jp0XRqEqsVu/ /6JENALSdgs0RAPqV20z/ /EaoItn4LAZOeLFrFL/ /H0uDBpR/ /iTbkP5mpqK/ /vsQ3Jp0XRqEqsVu/ /zTAIK6GZ8I6zSLk/ # Reference: https://twitter.com/K_N1kolenko/status/1503627704595369984 citybridgesc.at/Ergebnisse/K7mPH42tTl7slZgWH/ letea.eu/wp-content/CgaqeucmpVT2NEK/ life.lst.dx.am/img/WNIWv/ part-co.org/wp-admin/u4NPmsvZ3EWBa8tYlZv/ ponizinny.nl/wp-admin/KdLO9n/ protokol.mx/Archivos/HgTqbLkgrgLAvunV/ sport-foto.nu/wp-content/Jqf9mfIPcA/ /Archivos/HgTqbLkgrgLAvunV/ /Ergebnisse/K7mPH42tTl7slZgWH/ /img/WNIWv/ /wp-admin/KdLO9n/ /wp-admin/u4NPmsvZ3EWBa8tYlZv/ /wp-content/CgaqeucmpVT2NEK/ /wp-content/Jqf9mfIPcA/ /CgaqeucmpVT2NEK/ /HgTqbLkgrgLAvunV/ /Jqf9mfIPcA/ /K7mPH42tTl7slZgWH/ /KdLO9n/ /WNIWv/ /u4NPmsvZ3EWBa8tYlZv/ # Reference: https://twitter.com/K_N1kolenko/status/1503619640118943745 almoiz.com/urdu/LDlbo5gc4c/ aquinoabogados.com.ar/newsletter/tx9KBb2j/ asave.com.mx/cgi-bin/CUa/ avcservices-tt.com/EANAPI/hswSV1/ avrworks.com/mail/tGJconiBvy59a81/ e-tactics.com/wordpress/wpau-backup/i8Sv/ fitfabtherapy.com/Untitled-1/AdRf0JsnyI/ /EANAPI/hswSV1/ /Untitled-1/AdRf0JsnyI/ /mail/tGJconiBvy59a81/ /newsletter/tx9KBb2j/ /urdu/LDlbo5gc4c/ /wordpress/wpau-backup/i8Sv/ /AdRf0JsnyI/ /LDlbo5gc4c/ /hswSV1/ /tGJconiBvy59a81/ /tx9KBb2j/ # Reference: https://twitter.com/pancak3lullz/status/1503741093166395399 192.99.251.50:443 avrworks.com/mail/0Z4GbaKuDTGprJ/ /mail/0Z4GbaKuDTGprJ/ /0Z4GbaKuDTGprJ/ # Reference: https://tria.ge/220316-lpjytacaa2/ 101.50.0.91:8080 103.43.46.182:443 119.193.124.41:7080 167.99.115.35:8080 195.201.151.129:8080 217.182.25.250:8080 45.76.1.145:443 72.15.201.15:8080 alinac.ca/images/Lp6yKpIpRf6/ alinatourbg.com/mail/TBCGVNzLeENXb/ /images/Lp6yKpIpRf6/ /mail/TBCGVNzLeENXb/ 
/Lp6yKpIpRf6/ /TBCGVNzLeENXb/ # Reference: https://twitter.com/K_N1kolenko/status/1504352894237163525 # Reference: https://pastebin.com/3yc6iq9r altunyapiinsaat.com/datyusdtyuastbgdasg-23/vKckKhX11LJ/ blauwpurper.com/1rqbse/sSLCY0e/ bluefandago.com/qAbYoo/ bluerondo.net/cgi-bin/pEa9vohNq/ bogdan2003.com/4rzvAQRGzRhYmgbW3F/ bombtire.com/Ke0tX4d2vve/ borgmesteren.com/A9vrzBGuJJRSLuoD8/ borjalnoor.com/engine1/MHH/ bosny.com/aspnet_client/txzRH8yyBfH35i/ boxtelreport.com/biin/2Yjj6VB7u/ bozzline.com/cp/SGOwQkA00x5Ixe14e/ brendancleary.net/code_playground/e3ZqQ5WzPBq/ briankish.com/wp-includes/rU8RGhpptOleZ6070J8/ bridgetobalance.com/wp-content/uploads/OanMdqdzMjmmc2FY/ brucemulkey.com/wp-admin/XGXUrF2z0I/ bsgllc.tv/cloud/dASrd9jE/ buddymorel.com/cdar/3Egg7sUHTTd8kSrFj/ buketkucukbey.com/wp-admin/isUHefbl/ bulldogironworksllc.com/temp/r8YAI2o98o4j0UPn/ bvirtual.com/affinita/4jiy6L/ cabans.com/labs/atB4nhC3PxhoTrBe7/ /1rqbse/sSLCY0e/ /affinita/4jiy6L/ /aspnet_client/txzRH8yyBfH35i/ /biin/2Yjj6VB7u/ /cdar/3Egg7sUHTTd8kSrFj/ /cgi-bin/pEa9vohNq/ /cloud/dASrd9jE/ /code_playground/e3ZqQ5WzPBq/ /cp/SGOwQkA00x5Ixe14e/ /datyusdtyuastbgdasg-23/vKckKhX11LJ/ /engine1/MHH/ /labs/atB4nhC3PxhoTrBe7/ /temp/r8YAI2o98o4j0UPn/ /wp-admin/XGXUrF2z0I/ /wp-admin/isUHefbl/ /wp-includes/rU8RGhpptOleZ6070J8/ /1rqbse/ /2Yjj6VB7u/ /3Egg7sUHTTd8kSrFj/ /4jiy6L/ /4rzvAQRGzRhYmgbW3F/ /A9vrzBGuJJRSLuoD8/ /Ke0tX4d2vve/ /SGOwQkA00x5Ixe14e/ /XGXUrF2z0I/ /dASrd9jE/ /datyusdtyuastbgdasg-23/ /e3ZqQ5WzPBq/ /isUHefbl/ /pEa9vohNq/ /qAbYoo/ /r8YAI2o98o4j0UPn/ /rU8RGhpptOleZ6070J8/ /sSLCY0e/ /txzRH8yyBfH35i/ /vKckKhX11LJ/ /atB4nhC3PxhoTrBe7/ # Reference: https://www.virustotal.com/gui/file/9425059d5d3237fc6f4190c59417b93f72648115cc8cb95938830e5d6bb6b3a7/detection bellaitaliatour.com/gite/YcFHn/ buchhave.net/cache/t82rF5S/ /cache/t82rF5S/ /gite/YcFHn/ /t82rF5S/ /YcFHn/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-17%20Emotet%20(E4)%20IOCs 50-50aravidis.gr/thesi/wmL/ 
amplamaisbeneficios.com.br/contratos/MWnnZG/ bcingenieria.es/phpmailer/Z7fmcI7Va/ bredabeeld.nl/OLD/eavGp2KOdwXT/ cagataygunes.com.tr/stylesheets/uqK4kfhG4RAuRIA2/ kogelvanger.nl/picture_library/1MNqKan2FhWtQg5Uacu/ osmani.atwebpages.com/wp-content/Ynwrr/ /OLD/eavGp2KOdwXT/ /contratos/MWnnZG/ /phpmailer/Z7fmcI7Va/ /picture_library/1MNqKan2FhWtQg5Uacu/ /stylesheets/uqK4kfhG4RAuRIA2/ /thesi/wmL/ /wp-content/Ynwrr/ /1MNqKan2FhWtQg5Uacu/ /MWnnZG/ /Z7fmcI7Va/ /eavGp2KOdwXT/ /uqK4kfhG4RAuRIA2/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-16%20Emotet%20IOCs arkidecture.com/vendor/5Ibj6pmUm/ aulavirtualapecc.com/server/qramDt1UIotz/ ausnz.net/2010wc/odSi5tQKkCIXEWl9/ azsiacenter.com/js/sOhmiosLJOgwaP6i5nln/ berekethaber.com/dosyalar/2z6RZL/ bilandecompetences.fr/administrator/3c/ bizztream.com/images/NS85wHTdIY9N5Ay/ blessingsource.com/blessingsource.com/rFQ0Ip6lQXXK/ blessingsource.com/rFQ0Ip6lQXXK/ bostonseafarms.com/images/zPgXFMy8VbKNXtFp/ brittknight.com/PHP/f/ bruiserbodies.com/images/vAj7fuqYe5y9/ buchhave.net/cache/t82rF5S/ calzadoyuyin.com/cgj-bin/uzOOL/ careerplan.host20.uk/images/Ls/ carloshd.com/trulia/4vsUaqQd/ casache.com/web/n3jxwXXwa/ casazulshop.com/Adapter/yJTgSEDEpQvm/ ccalaire.com/wp-admin/d1pGRa0X/ cdimprintpr.com/brochure2/A9NmYDndZ/ ingelse.net/Overview/slWIUhVtK/ wimmergroup.com/home_tours/Pvnw2/ /vendor/5Ibj6pmUm/ /server/qramDt1UIotz/ /2010wc/odSi5tQKkCIXEWl9/ /js/sOhmiosLJOgwaP6i5nln/ /dosyalar/2z6RZL/ /images/NS85wHTdIY9N5Ay/ /blessingsource.com/rFQ0Ip6lQXXK/ /images/zPgXFMy8VbKNXtFp/ /images/vAj7fuqYe5y9/ /cache/t82rF5S/ /cgj-bin/uzOOL/ /trulia/4vsUaqQd/ /web/n3jxwXXwa/ /Adapter/yJTgSEDEpQvm/ /wp-admin/d1pGRa0X/ /brochure2/A9NmYDndZ/ /Overview/slWIUhVtK/ /home_tours/Pvnw2/ /2z6RZL/ /4vsUaqQd/ /5Ibj6pmUm/ /A9NmYDndZ/ /NS85wHTdIY9N5Ay/ /Pvnw2/ /d1pGRa0X/ /n3jxwXXwa/ /odSi5tQKkCIXEWl9/ /qramDt1UIotz/ /rFQ0Ip6lQXXK/ /sOhmiosLJOgwaP6i5nln/ /slWIUhVtK/ /t82rF5S/ /uzOOL/ /vAj7fuqYe5y9/ /yJTgSEDEpQvm/ /zPgXFMy8VbKNXtFp/ 
# Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_18.03.2022.txt 1.234.21.73:7080 120.50.40.183:80 149.56.128.192:443 160.16.218.63:8080 206.188.212.92:8080 209.250.246.206:443 amautatravel.com/cgi-bin/WhWIic/ bb2play.com/wzzx/ohb2qfuK/ crazy97.com/wp-includes/buF/ olawyer.net/wp-includes/e8jtEIL3lFkImOvd9k/ pianistprodigy.com/demolms/Ax6ZgvEJJ8HEKfXrp/ pregy.org/test/rXTl1DEv0CWCE/ risamfg.com/wp-admin/JtqFQW/ romusreselling.xyz/wordpress/Lgv7VKTvFFuBH8uct2Eq/ s4tiva.com/wp-content/pO/ salnesbici.com/wp-includes/ZD/ tebetdanelon.com.br/wp-content/iVrceXC3knlRRl/ thailand-rocco.com/wp-content/gE7UvFwLh/ thethriftstoreonline.com/wp-includes/6d8iUiRR5/ toyota-used-pickups.com/wp-content/LXVnLNH766/ /cgi-bin/WhWIic/ /demolms/Ax6ZgvEJJ8HEKfXrp/ /test/rXTl1DEv0CWCE/ /wordpress/Lgv7VKTvFFuBH8uct2Eq/ /wp-admin/JtqFQW/ /wp-content/LXVnLNH766/ /wp-content/gE7UvFwLh/ /wp-content/iVrceXC3knlRRl/ /wp-content/pO/ /wp-includes/6d8iUiRR5/ /wp-includes/ZD/ /wp-includes/buF/ /wp-includes/e8jtEIL3lFkImOvd9k/ /wzzx/ohb2qfuK/ /6d8iUiRR5/ /Ax6ZgvEJJ8HEKfXrp/ /JtqFQW/ /LXVnLNH766/ /Lgv7VKTvFFuBH8uct2Eq/ /WhWIic/ /e8jtEIL3lFkImOvd9k/ /gE7UvFwLh/ /iVrceXC3knlRRl/ /rXTl1DEv0CWCE/ /wzzx/ohb2qfuK/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_18.03.2022.txt 103.133.214.242:8080 103.82.248.59:7080 121.78.112.42:8080 188.166.229.148:443 2.58.16.87:8080 202.28.34.99:8080 36.67.23.59:443 80.211.107.116:8080 ausnz.net/2010wc/RhAYVPNypjphNNk6J/ belisip.net/libs/Swift-5.1.0/F5XU7EuPePQ/ blog.centerking.top/wp-includes/WEIuPafz0bS/ edu-media.cn/wp-admin/TOu/ ppiabanyuwangi.or.id/lulu-1937/daURDNUyso/ acerestoration.co.za/wp-admin/gJqMBYhQHYsDE/ lydt.cc/wp-includes/jprpcO8U/ /2010wc/RhAYVPNypjphNNk6J/ /lulu-1937/daURDNUyso/ /wp-admin/gJqMBYhQHYsDE/ /wp-includes/WEIuPafz0bS/ /wp-includes/jprpcO8U/ /RhAYVPNypjphNNk6J/ /WEIuPafz0bS/ /daURDNUyso/ /gJqMBYhQHYsDE/ /jprpcO8U/ /lulu-1937/ # Reference: 
https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_10.03.2022.txt http://103.85.95.5 http://185.187.70.35 http://185.210.144.149 http://188.166.245.112 http://45.76.178.115 13cuero.com/wp-admin/ff5srrfTNsCju6sD3/ abinsk.com/cgi-bin/fm63rXkG5Y/ academicinst.com/wp-includes/44ZVeVQBkeOG/ agnesleung.com/raw.backup/j4ry/ agretto.com/Template/ziasuz5w8pS08Gm2/ ajaxmatters.com/c7g8t/kYHGlphIEPNOImddm1/ henrysfreshroast.com/0Rq5zobAZB/ lifebotl.com/Response/WllkQWM/ livejagat.com/h/SjpRvD/ /Response/WllkQWM/ /Template/ziasuz5w8pS08Gm2/ /c7g8t/kYHGlphIEPNOImddm1/ /cgi-bin/fm63rXkG5Y/ /h/SjpRvD/ /raw.backup/j4ry/ /sample_sticker/tihOPhaF1l0V/ /sipadu/eFi8UiJETZiK1FB/ /uploads/87DtpAEZULSccOn/ /wordpress_bo/srvoaI2MBFc/ /wp-admin/ff5srrfTNsCju6sD3/ /wp-includes/44ZVeVQBkeOG/ /0Rq5zobAZB/ /44ZVeVQBkeOG/ /87DtpAEZULSccOn/ /WllkQWM/ /eFi8UiJETZiK1FB/ /ff5srrfTNsCju6sD3/ /fm63rXkG5Y/ /h/SjpRvD/ /kYHGlphIEPNOImddm1/ /srvoaI2MBFc/ /tihOPhaF1l0V/ /ziasuz5w8pS08Gm2/ # Reference: https://www.virustotal.com/gui/file/009691eac43a379cfb16af76765628fa7b5edd661f15269473810499069e0703/detection agapewilderness.com/wordpress/cj5O/ ruskinc.com/7k2ql/zmIt/ /7k2ql/zmIt/ /wordpress/cj5O/ # Reference: https://twitter.com/0xhido/status/1506579383020310528 1.234.65.61:7080 119.59.125.140:8080 # Reference: https://tria.ge/220324-y4jmtadhh5 51.91.76.89:8080 70.36.102.35:443 92.240.254.110:8080 cornerstonecreativestudios.com/boards/ilsFKKHH7GaR/ csm101.com/transam/T7wblKicmeBabj2h/ dacentec2.layeredserver.com/speedtest/yjnnw/ datie-tw.com/test/yXPr0DO/ /boards/ilsFKKHH7GaR/ /transam/T7wblKicmeBabj2h/ /speedtest/yjnnw/ /test/yXPr0DO/ /ilsFKKHH7GaR/ /T7wblKicmeBabj2h/ /yXPr0DO/ # Reference: https://www.virustotal.com/gui/file/02078a3ed9664ff38d9f608449ad383be31431ac3c6116a437ff43c55c6d6999/detection 148.103.9.108:53 70.119.159.214:443 hopeintlschool.org/FQ9AFMoF8GZKwyVvg_GC/ /FQ9AFMoF8GZKwyVvg_GC/ # Reference: 
https://www.virustotal.com/gui/file/9b549e9ae691f8b583596b3a513ca77624517277b8ce18a5379e2a75604cd6aa/detection 138.197.109.175:8080 187.84.80.182:443 189.232.46.161:443 213.128.75.146:80 45.176.232.125:443 79.143.187.147:443 81.95.101.8:443 garantihaliyikama.com/wp-admin/FjgB6I/ /wp-admin/FjgB6I/ # Reference: https://twitter.com/abel1ma/status/1509657141409611778 103.132.242.26:8080 104.131.11.205:443 # Reference: https://www.virustotal.com/gui/file/edad1240602c1c0ea6e29f8b5848f75e5b5f9a7f252126a06a734542ca97e4aa/detection http://80.78.25.223 # Reference: https://twitter.com/netresec/status/1511267811825442822 # Reference: https://www.virustotal.com/gui/file/00af88203038a866f2314666e7d5133053d271922534cab85306c46d52a50f34/detection 142.93.76.76:7080 94.177.178.26:8080 # Reference: https://twitter.com/abel1ma/status/1511295201268355076 149.56.131.28:8080 185.4.135.165:8080 217.182.78.224:443 27.54.89.58:8080 # Reference: https://twitter.com/0xhido/status/1512012062603546626 etsversailles.net/webroot/ZEurBsC2H3soeiFbyeQ/ globoagronegocios.com.br/style/KEJQWXf2b9thskc5cV/ hr.devsrm.com/wp-content/Jk6gOcQOpRWGwL/ teamdriversonly.com/wp-admin/eF7AJ/ /style/KEJQWXf2b9thskc5cV/ /webroot/ZEurBsC2H3soeiFbyeQ/ /wp-content/Jk6gOcQOpRWGwL/ /wp-admin/eF7AJ/ /Jk6gOcQOpRWGwL/ /KEJQWXf2b9thskc5cV/ /ZEurBsC2H3soeiFbyeQ/ # Reference: https://twitter.com/Artilllerie/status/1516368959322349575 # Reference: https://0paste.com/367536 103.70.28.102:8080 104.168.154.79:8080 134.122.66.193:8080 134.195.212.50:7080 138.197.147.101:443 160.16.142.56:8080 167.172.253.162:8080 172.104.251.154:8080 183.111.227.137:8080 201.94.166.162:443 206.189.28.199:8080 45.235.8.30:8080 91.207.28.33:8080 94.23.45.86:4143 # Reference: https://twitter.com/phage_nz/status/1516967915165167616 # Reference: https://pastebin.com/raw/vFpr9mAa 138.201.142.73:8080 209.97.163.214:443 djunreal.co.uk/site/ApOKpFad/ fpd.cl/cgi-bin/N/ gandhitoday.org/video/6JvA8/ genccagdas.com.tr/assets/doWHIxLe7e/ 
grafischer.ch/fit-well/wDPTwKtZPoWL12/ johnsonsmedia.it/img/ZBNk0xpRL8YEVl/ /assets/doWHIxLe7e/ /fit-well/wDPTwKtZPoWL12/ /img/ZBNk0xpRL8YEVl/ /site/ApOKpFad/ /ApOKpFad/ /doWHIxLe7e/ /wDPTwKtZPoWL12/ /ZBNk0xpRL8YEVl/ # Reference: https://twitter.com/Cryptolaemus1/status/1517251752743301120 ciencias-exactas.com.ar/old/Bupubz1trh/ counteract.com.br/wp-admin/WWcACJFy3Yn/ creemo.pl/wp-admin/0uDUHJ4KVAw/ dancefox24.de/templates/owT/ focusmedica.in/fmlib/TYiQdcEj9FW0/ /old/Bupubz1trh/ /wp-admin/WWcACJFy3Yn/ /wp-admin/0uDUHJ4KVAw/ /templates/owT/ /fmlib/TYiQdcEj9FW0/ /0uDUHJ4KVAw/ /Bupubz1trh/ /TYiQdcEj9FW0/ /WWcACJFy3Yn/ # Reference: https://twitter.com/Cryptolaemus1/status/1517521562366185472 ecube.com.mx/e2oCWBnC/6wp2K4sfQmVIRy6ZvdiH/ edoraseguros.com.br/cgi-bin/l7ZERv5deNsfzlZUZ/ sanoma.allrent.nl/cgi-bin/KXbI5OhLJ/ /e2oCWBnC/6wp2K4sfQmVIRy6ZvdiH/ /cgi-bin/l7ZERv5deNsfzlZUZ/ /cgi-bin/KXbI5OhLJ/ /6wp2K4sfQmVIRy6ZvdiH/ /e2oCWBnC/ /KXbI5OhLJ/ /l7ZERv5deNsfzlZUZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1517528579042512898 fpd.cl/cgi-bin/83E0xgTMc/ el-energiaki.gr/wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/ manchesterslt.co.uk/a-to-z-of-slt/Ntrci3Ry/ contactworks.nl/layouts/fFxKZabh/ baykusoglu.com.tr/wp-admin/Y3sRBcOfZ34wg2sO/ ceibadiseno.com.mx/brochure/kBuNjsECS9y2gRB6xaC/ /a-to-z-of-slt/Ntrci3Ry/ /brochure/kBuNjsECS9y2gRB6xaC/ /cgi-bin/83E0xgTMc/ /layouts/fFxKZabh/ /wp-admin/Y3sRBcOfZ34wg2sO/ /wp-content/plugins/really-simple-ssl/testssl/serverport443/WUV5PJA/ /83E0xgTMc/ /Ntrci3Ry/ /WUV5PJA/ /Y3sRBcOfZ34wg2sO/ /a-to-z-of-slt/ /fFxKZabh/ /kBuNjsECS9y2gRB6xaC/ # Reference: https://twitter.com/Cryptolaemus1/status/1517627882574848000 eznetb.synology.me bencevendeghaz.hu/wp-includes/90vlsYW5JIjZ/ dacentec2.layeredserver.com/speedtest/WdJzQRE9Ghvs/ darksword.nl/awstats/ZqVnU5ol/ ftp.ciplafe.com.br/ALT/3wdBYJepRV/ reneetten.nl/contact-formulier/tvzATnImFMNf20rc7/ vip-clinic.razrabotka.by/about_center/LMtBTcLH0pH1oPhi9/ /ALT/3wdBYJepRV/ 
/about_center/LMtBTcLH0pH1oPhi9/ /awstats/ZqVnU5ol/ /contact-formulier/tvzATnImFMNf20rc7/ /speedtest/WdJzQRE9Ghvs/ /wp-includes/90vlsYW5JIjZ/ /3wdBYJepRV/ /90vlsYW5JIjZ/ /LMtBTcLH0pH1oPhi9/ /WdJzQRE9Ghvs/ /ZqVnU5ol/ /tvzATnImFMNf20rc7/ # Reference: https://twitter.com/Cryptolaemus1/status/1518594806917697536 cipro.mx/prensa/siZP69rBFmibDvuTP1L/ colegiounamuno.es/cgi-bin/E/ creemo.pl/wp-admin/ZKS1DcdquUT4Bb8Kb/ demo34.ckg.hk/service/hhMZrfC7Mnm9JD/ filmmogzivota.rs/SpryAssets/gDR/ focusmedica.in/fmlib/IxBABMh0I2cLM3qq1GVv/ /SpryAssets/gDR/ /fmlib/IxBABMh0I2cLM3qq1GVv/ /prensa/siZP69rBFmibDvuTP1L/ /service/hhMZrfC7Mnm9JD/ /wp-admin/ZKS1DcdquUT4Bb8Kb/ /IxBABMh0I2cLM3qq1GVv/ /SpryAssets/ /ZKS1DcdquUT4Bb8Kb/ /hhMZrfC7Mnm9JD/ /siZP69rBFmibDvuTP1L/ # Reference: https://twitter.com/Cryptolaemus1/status/1518877445968908288 7gallery.com/bbeauty_download/HpOjrjExAb6PY/ clubmanager.net.ar/prueba/7llR9qWfQdqlnImliUE/ dwwmaster.com/wp-content/tfNs1crHYZd6F5/ e5web.com.br/wp-content/4TPDUppb/ farschid.de/verkaufsberater_service/uADJw/ kupondigital.stormapp.in/mido-nicu/9NSRCfZB/ /bbeauty_download/HpOjrjExAb6PY/ /mido-nicu/9NSRCfZB/ /prueba/7llR9qWfQdqlnImliUE/ /verkaufsberater_service/uADJw/ /wp-content/4TPDUppb/ /wp-content/tfNs1crHYZd6F5/ /4TPDUppb/ /7llR9qWfQdqlnImliUE/ /9NSRCfZB/ /HpOjrjExAb6PY/ /tfNs1crHYZd6F5/ # Reference: https://twitter.com/Cryptolaemus1/status/1518921572458786817 http://188.166.245.112 http://47.244.189.73 al-brik.com/vb/EBB7FuaWnJm/ bulldogironworksllc.com/temp/6UyNu8/ dnautik.com/wp-includes/vTARHRKHjRqkGKU/ mymicrogreen.mightcode.com/Fox-C/hlHV/ /--/er2yA5LkRcXrT0Q/ /Fox-C/hlHV/ /temp/6UyNu8/ /template/Ryk/ /vb/EBB7FuaWnJm/ /wp-includes/vTARHRKHjRqkGKU/ /6UyNu8/ /EBB7FuaWnJm/ /er2yA5LkRcXrT0Q/ /vTARHRKHjRqkGKU/ # Reference: https://twitter.com/Cryptolaemus1/status/1518973102515908613 http://51.222.72.237 vrstar-park.com/wp-includes/2UYhNgIaNeIBM/ dn000893.ferozo.com/agenda/ckU4orOn4/ dlqsclub.com/wp-content/uploads/4ImMYkgI44psweaKI/ 
towardsun.net/admin/n56wg9bSZPF/ crecercreando.com/tapas2/AWlo/ /admin/n56wg9bSZPF/ /agenda/ckU4orOn4/ /tapas2/AWlo/ /uploads/4ImMYkgI44psweaKI/ /wp-includes/2UYhNgIaNeIBM/ /wp-includes/2l92XulnC6aZzv0jNGN/ /2l92XulnC6aZzv0jNGN/ /2UYhNgIaNeIBM/ /4ImMYkgI44psweaKI/ /ckU4orOn4/ /n56wg9bSZPF/ # Reference: https://twitter.com/ScarletSharkSec/status/1517505050129616896 escueladecinemza.com.ar/_installation/IBlj/ /_installation/IBlj/ # Reference: https://twitter.com/Cryptolaemus1/status/1519038935980470272 anat-bar.co.il/wp-admin/D6Lis5CtrMdurM/ bencevendeghaz.hu/wp-includes/iUWvUNq/ brendancleary.net/images/oILEJxOb021OghGdxs/ edoraseguros.com.br/cgi-bin/mh3MMGKfhXtJ/ hmeng.co.uk/cgi-bin/H/ reneetten.nl/Menu/XNMhx6nSnnpp8aZzk/ /cgi-bin/mh3MMGKfhXtJ/ /images/oILEJxOb021OghGdxs/ /Menu/XNMhx6nSnnpp8aZzk/ /wp-admin/D6Lis5CtrMdurM/ /wp-includes/iUWvUNq/ /D6Lis5CtrMdurM/ /XNMhx6nSnnpp8aZzk/ /iUWvUNq/ /mh3MMGKfhXtJ/ /oILEJxOb021OghGdxs/ # Reference: https://twitter.com/Cryptolaemus1/status/1519073535955976192 agenciaml.com.br/cgi-bin/dgAqqwwIeejxNozI/ ceibadiseno.com.mx/brochure/5bH/ danialteb.com/wp-admin/2V8H/ demo.cansunoto.com/wp-admin/XyGLg1/ fpd.cl/cgi-bin/8Cwqi8/ /cgi-bin/8Cwqi8/ /cgi-bin/dgAqqwwIeejxNozI/ /uploads/g5QMC5XVlj/ /wp-admin/XyGLg1/ /dgAqqwwIeejxNozI/ /g5QMC5XVlj/ /XyGLg1/ # Reference: https://twitter.com/Cryptolaemus1/status/1519219898182148096 nenlineasv.com/encasa/qnKqfcj4q/ homeeflyer.com/7photo2/PiLGiTrLqCWuoRr6/ txpcrescue.com/cgi-bin/j6dLSsv1R82q7vAUYlC/ boxtelreport.com/biin/P0ra/ allamapianoawards.com/quisint/acTtbOgh/ /7photo2/PiLGiTrLqCWuoRr6/ /biin/P0ra/ /cgi-bin/j6dLSsv1R82q7vAUYlC/ /encasa/qnKqfcj4q/ /quisint/acTtbOgh/ /acTtbOgh/ /j6dLSsv1R82q7vAUYlC/ /PiLGiTrLqCWuoRr6/ /qnKqfcj4q/ # Reference: https://twitter.com/Cryptolaemus1/status/1519304698825953280 # Reference: https://twitter.com/Cryptolaemus1/status/1519240532366479360 damiris.ro/img/QJ1iNu9KooBeLTN08srJ/ garagewestrotterdam.nl/wp-includes/6BYbSEM/ geowf.ge/templates/TlbsO1F7p/ 
holidayonehotel.com/libraries/tVTlV5bTLT4dtj/ kustens.com/A-Kus/stoyH/ /A-Kus/stoyH/ /img/QJ1iNu9KooBeLTN08srJ/ /libraries/tVTlV5bTLT4dtj/ /templates/TlbsO1F7p/ /wp-includes/6BYbSEM/ /6BYbSEM/ /QJ1iNu9KooBeLTN08srJ/ /TlbsO1F7p/ /tVTlV5bTLT4dtj/ # Reference: https://twitter.com/Cryptolaemus1/status/1520060381342797824 # Reference: https://twitter.com/Cryptolaemus1/status/1520050490503221249 # Reference: https://twitter.com/Cryptolaemus1/status/1519990443395944449 # Reference: https://twitter.com/Cryptolaemus1/status/1519662866273497088 # Reference: https://twitter.com/Cryptolaemus1/status/1519662865195896832 # Reference: https://twitter.com/Max_Mal_/status/1519797858681208832 # Reference: https://twitter.com/Max_Mal_/status/1519599847174807553 77homolog.com.br/dev-jealves/GP55wbYNXnp6/ ciencias-exactas.com.ar/old/w/ clearconstruction.co.uk/scripts/Ev5IXoBvFJkBQ0MZXb/ clubmanager.net.ar/prueba/VNqsx368FHqKK/ ecoarch.com.tw/cgi-bin/E/ farschid.de/verkaufsberater_service/OZRw36a2y1CH2clUzY/ filmmogzivota.rs/SpryAssets/or24hhBl2Ib8704SDO/ galaxy-catering.com.vn/galxy/Fg1vvhlYJ/ geowf.ge/templates/pJRea3Iu3wG/ gerontogeriatria.org/tmp/cB6cgTVfyyZ3b1w9d/ gmhealthcare.dothome.co.kr/css/RT6FG9/ gnr.gtu.ge/admin/yKgYN2K0mYY/ graduate.cmru.ac.th/web53photo/anKeOTOIYXxzOtlIS9D/ granhoteldiligencias.com.mx/api/ga/ greezly.fr/wp-content/O8R1VyRi16XqKCgoeTK/ grupobatistella.com.br/wp-content/bV2JMWZz/ gummerup.dk/modlogan/DAbeNM/ hangaryapi.com.tr/wp-admin/5n42ncL3nWMbJHwy7/ hcsnet.com.br/wp-content/emmK/ heaventechnologies.com.pk/apitest/1r8uV/ hepsisifa.com/wp-admin/k/ hilse.me/wp-content/DTN/ hkwindsacademy.synology.me/◎eaDir/qH2EHuvYVoJEJ2/ ho280319001.hogibo.net/include/tgQwxic4QwuM/ hoccu.vn/components/gMXyb7/ mymicrogreen.mightcode.com/Fox-C/nhMYwkFXB/ towardsun.net/admin/8NW2TJePs8dZhb/ /admin/8NW2TJePs8dZhb/ /admin/yKgYN2K0mYY/ /components/gMXyb7/ /dev-jealves/GP55wbYNXnp6/ /Fox-C/nhMYwkFXB/ /galxy/Fg1vvhlYJ/ /include/tgQwxic4QwuM/ /modlogan/DAbeNM/ 
/prueba/VNqsx368FHqKK/ /scripts/Ev5IXoBvFJkBQ0MZXb/ /SpryAssets/or24hhBl2Ib8704SDO/ /templates/pJRea3Iu3wG/ /tmp/cB6cgTVfyyZ3b1w9d/ /verkaufsberater_service/OZRw36a2y1CH2clUzY/ /web53photo/anKeOTOIYXxzOtlIS9D/ /wp-admin/5n42ncL3nWMbJHwy7/ /wp-content/bV2JMWZz/ /wp-content/O8R1VyRi16XqKCgoeTK/ /◎eaDir/qH2EHuvYVoJEJ2/ /5n42ncL3nWMbJHwy7/ /8NW2TJePs8dZhb/ /anKeOTOIYXxzOtlIS9D/ /bV2JMWZz/ /cB6cgTVfyyZ3b1w9d/ /DAbeNM/ /Ev5IXoBvFJkBQ0MZXb/ /Fg1vvhlYJ/ /gMXyb7/ /GP55wbYNXnp6/ /nhMYwkFXB/ /O8R1VyRi16XqKCgoeTK/ /or24hhBl2Ib8704SDO/ /OZRw36a2y1CH2clUzY/ /pJRea3Iu3wG/ /qH2EHuvYVoJEJ2/ /tgQwxic4QwuM/ /VNqsx368FHqKK/ /yKgYN2K0mYY/ # Reference: https://twitter.com/Max_Mal_/status/1521250144297099265 hkwindsacademy.synology.me/@\eaDir/qH2EHuvYVoJEJ2/ /@\eaDir/qH2EHuvYVoJEJ2/ /@\eaDir/ /qH2EHuvYVoJEJ2/ # Reference: https://www.netskope.com/blog/emotet-new-delivery-mechanism-to-bypass-vba-protection # Reference: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Emotet/IOCs/2022-05-06 # Reference: https://otx.alienvault.com/pulse/627a83c015db5d4d97dc6779 176.31.73.90:443 45.76.159.214:8080 77.81.247.144:8080 79.137.35.198:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1524431683516125184 dulichdichvu.net/libraries/QhtrjCZymLp5EbqOdpKk/ easiercommunications.com/wp-content/w/ genccagdas.com.tr/assets/TTHOm833iNn3BxT/ goonboy.com/goonie/bSFz7Av/ heaventechnologies.com.pk/apitest/xdeAU0rx26LT9I/ whow.fr/wp-includes/H54Fgj0tG/ /apitest/xdeAU0rx26LT9I/ /assets/TTHOm833iNn3BxT/ /goonie/bSFz7Av/ /libraries/QhtrjCZymLp5EbqOdpKk/ /wp-includes/H54Fgj0tG/ /H54Fgj0tG/ /QhtrjCZymLp5EbqOdpKk/ /TTHOm833iNn3BxT/ /bSFz7Av/ /xdeAU0rx26LT9I/ # Reference: https://www.virustotal.com/gui/file/49fe6395e87da8ec4b62d99f57ad4d32c2b915fedd15927d217099144b84c5ba/detection hoccu.vn/components/gMXyb7/ gummerup.dk/modlogan/DAbeNM/ sunvn.net/x1OrRZcf/onIpchhYNy4wy9f4/ /components/gMXyb7/ /modlogan/DAbeNM/ /x1OrRZcf/onIpchhYNy4wy9f4/ /onIpchhYNy4wy9f4/ /x1OrRZcf/ # Reference: 
https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_11.05.2022.txt 150.95.66.124:8080 63.142.250.212:443 # Reference: https://twitter.com/Cryptolaemus1/status/1524655241081200643 clasite.com/blogs/uaWi/ cmglogistics.com.vn/wp-admin/NJrRcKGdAjwfU/ cubicegg.asia/pKUVQsfSHB/bBq4ILmzfKIoAmwnLP/ ipasvisr.it/Backup_Infe/1X3YMGt/ ismarttechnologies.com/blogs/3futwjfvdLuL3YCI/ simadelicatessen.nl/cgi-bin/SRnme/ /Backup_Infe/1X3YMGt/ /blogs/3futwjfvdLuL3YCI/ /blogs/uaWi/ /cgi-bin/SRnme/ /pKUVQsfSHB/bBq4ILmzfKIoAmwnLP/ /wp-admin/NJrRcKGdAjwfU/ /1X3YMGt/ /3futwjfvdLuL3YCI/ /NJrRcKGdAjwfU/ /bBq4ILmzfKIoAmwnLP/ /pKUVQsfSHB/ # Reference: https://twitter.com/Cryptolaemus1/status/1524773982645354496 inelmsur.com.ec/wp-content/IMKHcKOac2PJTF/ japlatec.com/page/sAnfptTN0J4pw4S6B1Y/ jarce.cl/E-tisalat_Ebill-P/9R3WxKL/ jbhydroseed.com.au/cgi-bin/I0yR8Zp6sx64BOC/ jestteesn.com/YxmIz4SnR0E6dCiN/ChhitVVPogeiM/ jgmsmetr.com/application/R5iQ00PmNv2/ /E-tisalat_Ebill-P/9R3WxKL/ /YxmIz4SnR0E6dCiN/ChhitVVPogeiM/ /application/R5iQ00PmNv2/ /cgi-bin/I0yR8Zp6sx64BOC/ /page/sAnfptTN0J4pw4S6B1Y/ /wp-content/IMKHcKOac2PJTF/ /9R3WxKL/ /ChhitVVPogeiM/ /E-tisalat_Ebill-P/ /I0yR8Zp6sx64BOC/ /IMKHcKOac2PJTF/ /R5iQ00PmNv2/ /YxmIz4SnR0E6dCiN/ /sAnfptTN0J4pw4S6B1Y/ # Reference: https://twitter.com/Cryptolaemus1/status/1525015051630891008 bulldogironworksllc.com/temp/nX6/ datainline.com/aspnet_client/25T/ gnnmuebles.com/repellatdoloremque/XGc7rXmnrdSO/ i-dots.com/image/8C7AwiFZmI1p/ icscompany.com.mx/test/BoLUIEXHqbIK/ ikbenpink.be/cgi-bin/BqktrNSbby9ohP3rxVA/ ilriparatutto.eu/tmp/ri8HKij3z0YO1RKHzbc/ images.lolapix.com/fr/JPiKR1gFN6fIA4Zec/ imenikala.com/wp-admin/vyjYPEc/ ipcity.gr/system/Ztl5THkaQj/ seasidesolutions.com/cgi-bin/ZgCPcorl4dA2G/ /cgi-bin/BqktrNSbby9ohP3rxVA/ /cgi-bin/ZgCPcorl4dA2G/ /fr/JPiKR1gFN6fIA4Zec/ /image/8C7AwiFZmI1p/ /repellatdoloremque/XGc7rXmnrdSO/ /system/Ztl5THkaQj/ /test/BoLUIEXHqbIK/ /tmp/ri8HKij3z0YO1RKHzbc/ /wp-admin/vyjYPEc/ /8C7AwiFZmI1p/ /BoLUIEXHqbIK/ 
/BqktrNSbby9ohP3rxVA/ /JPiKR1gFN6fIA4Zec/ /XGc7rXmnrdSO/ /ZgCPcorl4dA2G/ /Ztl5THkaQj/ /repellatdoloremque/ /ri8HKij3z0YO1RKHzbc/ /vyjYPEc/ # Reference: https://twitter.com/Cryptolaemus1/status/1524854481451909120 ijsclub-de-volharding.nl/Contact/02tLuEpm/ invisible-hush.org/crichton/N/ irishcarsagadir.net/n3rz4Y9rscfwluelvDV/LqxCq/ itnbg.com/wp-includes/b4aZTW/ /Contact/02tLuEpm/ /n3rz4Y9rscfwluelvDV/LqxCq/ /wp-includes/b4aZTW/ /02tLuEpm/ /n3rz4Y9rscfwluelvDV/ # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1525433866760204293 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1525434269606322182 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1525433917049905154 dl.choobingroup.ir/download/Y5gYlH5i6HQwmPktZgc/ hulbaek.com/yKaq/ jhocantemperos.com.br/wp-includes/NDL2YgHPT/ jimenanogueira.uy/wp-includes/ICV3/ /download/Y5gYlH5i6HQwmPktZgc/ /wp-includes/ICV3/ /wp-includes/NDL2YgHPT/ /NDL2YgHPT/ /Y5gYlH5i6HQwmPktZgc/ # Reference: https://gist.github.com/c3rb3ru5d3d53c/67389824a6f1abff32dedb3cc31a5e34 dl5.zahra-media.ir/dl5.zahra-media.ir/roYgjVHpS/ druck-grafik.at/images/fHb4XJM/ edoraseguros.com.br/cgi-bin/ySH8/ hotelmourya.com/aspnet_client/bYgwNXnkq/ isblokken.dk/timelog/V0LK/ jackholland.eu/flashshoot/A1sVGeUdOmXpPeof/ jimdurain.dk/page4/Z1WgiqhBHkq69IULjWSl/ reneetten.nl/Menu/RBjbO/ /images/fHb4XJM/ /cgi-bin/ySH8/ /aspnet_client/bYgwNXnkq/ /timelog/V0LK/ /flashshoot/A1sVGeUdOmXpPeof/ /page4/Z1WgiqhBHkq69IULjWSl/ /Menu/RBjbO/ /A1sVGeUdOmXpPeof/ /bYgwNXnkq/ /fHb4XJM/ /roYgjVHpS/ /Z1WgiqhBHkq69IULjWSl/ # Reference: https://twitter.com/Cryptolaemus1/status/1525072757020852224 hostal-alfonso12.com/clases/SKtPvv/ howesitgoing.com/images/HyaDnlbl6K7tbh2Lugys/ iciee.untirta.ac.id/test/GccRw/ ideoso.com.tw/cgi-bin/zLrnBd2Eg1N3UVy5yL/ inteirado.com.br/fonts/7dJCVvuE5x3YrGQs2oJz/ jdserralheria.com.br/cgi-bin/KFG6/ /clases/SKtPvv/ /cgi-bin/KFG6/ /cgi-bin/zLrnBd2Eg1N3UVy5yL/ /fonts/7dJCVvuE5x3YrGQs2oJz/ /images/HyaDnlbl6K7tbh2Lugys/ /test/GccRw/ 
/7dJCVvuE5x3YrGQs2oJz/ /HyaDnlbl6K7tbh2Lugys/ /zLrnBd2Eg1N3UVy5yL/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-13%20Emotet%20(E4)%20IOCs 102.222.215.74:443 163.44.196.120:8080 23.239.0.12:443 213.241.20.155:443 flash-inc.com/group/igirl/css/QqoV/ ipabogados.cl/js/hhHW8ClD2j7sYcSkNu/ ikatemia.untirta.ac.id/assets/VT/ wifi.hotspot.mg/js/xe70zw8/ hospitaldesitges.cat/OLD_BORRAR/ceCC6SPMue/ janla.dk/Index_htm_files/Hl/ /js/hhHW8ClD2j7sYcSkNu/ /OLD_BORRAR/ceCC6SPMue/ /ceCC6SPMue/ /hhHW8ClD2j7sYcSkNu/ # Reference: https://twitter.com/Cryptolaemus1/status/1526135364838051840 cesasin.com.ar/administrator/PFKcheVl8lsK0NW1y4vZ/ dl.choobingroup.ir/download/I7FnbzONJuj/ dl5.zahra-media.ir/dl5.zahra-media.ir/vJd6L/ flash-inc.com/group/igirl/css/MhzfDBJ0/ ict-qs.nl/tmp/dGh3RsLufJ4bF7hIR6RO/ identidadenaweb.com.br/cgi-bin/WhUzWbySU6HVi3/ /administrator/PFKcheVl8lsK0NW1y4vZ/ /cgi-bin/WhUzWbySU6HVi3/ /css/MhzfDBJ0/ /download/I7FnbzONJuj/ /tmp/dGh3RsLufJ4bF7hIR6RO/ /I7FnbzONJuj/ /MhzfDBJ0/ /PFKcheVl8lsK0NW1y4vZ/ /WhUzWbySU6HVi3/ /dGh3RsLufJ4bF7hIR6RO/ # Reference: https://twitter.com/Cryptolaemus1/status/1526133950447763456 3dstudioa.com.br/cgi-bin/yWpon1Nd03l/ anat-bar.co.il/wp-admin/kZarrjJN148onRnRi/ bencevendeghaz.hu/wp-includes/cLrqBIwf8C/ claudioavelar.adv.br/Revista/JljahSR26i5k/ hullsite.com/0a61/nm6lxocqt/ ppiabanyuwangi.or.id/wp-admin/3Se7giNXt7ZCHG/ /0a61/nm6lxocqt/ /Revista/JljahSR26i5k/ /cgi-bin/yWpon1Nd03l/ /wp-admin/3Se7giNXt7ZCHG/ /wp-admin/kZarrjJN148onRnRi/ /wp-includes/cLrqBIwf8C/ /3Se7giNXt7ZCHG/ /JljahSR26i5k/ /cLrqBIwf8C/ /kZarrjJN148onRnRi/ /nm6lxocqt/ /yWpon1Nd03l/ # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_18.05.2022.txt # Reference: https://github.com/pr0xylife/Emotet/blob/main/e5_emotet_18.05.2022.txt 103.43.75.120:443 103.56.149.105:8080 103.8.26.17:8080 103.85.95.4:8080 104.248.225.227:8080 110.235.83.107:7080 113.59.252.140:36286 116.64.52.198:22668 134.122.119.23:8080 152.136.229.39:8080 
159.65.140.115:443 172.105.70.96:443 173.239.37.178:8080 175.126.176.79:8080 178.62.112.199:8080 18.191.122.164:4987 188.225.32.231:4143 188.44.20.25:443 26.19.105.199:26580 27.55.166.48:19567 31.238.181.227:13139 32.53.89.86:40407 51.68.141.164:8080 55.74.152.152:37910 61.87.190.176:45536 68.183.91.111:8080 70.11.238.157:53347 73.238.38.64:44958 89.29.244.7:443 97.67.147.111:40652 borgelin.org/belzebub/okwRWz1C/ bosny.com/aspnet_client/rnMp0ofR/ ceibadiseno.com.mx/brochure/abrtvpK/ easiercommunications.com/wp-content/09i4dfKbpiuj8k/ goodfriendsdriving.com/createschedule/F0jGvgTiFAMRh2Tr8HL/ jonhrach.com/V2/5pisNbarrVm/ joyaargent.cl/assets/AUgGyJgrA7GGKroQQp/ judy.gotchahosting.com/wp-admin/hMZt/ juicedmarketing.co.uk/wp-includes/j1anUZz/ justplay.asia/google/2LE/ keltonconstruction.com/_vti_bin/DFNorq/ loa-hk.com/wp-content/ffBag/ lopespublicidade.com/cgi-bin/e5R5oG4iEaQnxQrZDh/ medreg.uz/Docs/1kj8refeLdotQee2f/ mistchem.com/wp-admin/qcgRq15U9PNBc4z/ msndesign.nl/libraries/c8NvFU14/ musculation-esisa.fr/css/iU2SYlfYxsk/ muslimproperty.co.uk/cgi-in/8lS/ oftalmocity.com/wp-admin/xDjDiXhcS/ omarhospital.com/wp-content/Ved4BBJms7gwl2/ oreidogoogle.com.br/erros/3KUm45ZCCW0T1V/ perlasmarinhas.com.br/wp-includes/ywMovPUTPlTzd6c/ praachichemfood.com/wp-content/Mwmos/ puntamimarlik.com.tr/wp-admin/9IW7L1gKwWOoNQREJ6/ seasidesolutions.com/cgi-bin/WLoO6sEzYCJ3LTlC/ thepublicelection.com/wp-includes/0AEt8wRWroIJmVgEjZC/ wanderlustphtravel.com/cgi-bin/QphfoQq4t/ yamada-shoshi.main.jp/yamada-shoshi/lg1/ /_vti_bin/DFNorq/ /aspnet_client/rnMp0ofR/ /assets/AUgGyJgrA7GGKroQQp/ /belzebub/okwRWz1C/ /brochure/abrtvpK/ /cgi-bin/e5R5oG4iEaQnxQrZDh/ /cgi-bin/QphfoQq4t/ /cgi-bin/WLoO6sEzYCJ3LTlC/ /createschedule/F0jGvgTiFAMRh2Tr8HL/ /css/iU2SYlfYxsk/ /Docs/1kj8refeLdotQee2f/ /erros/3KUm45ZCCW0T1V/ /libraries/c8NvFU14/ /V2/5pisNbarrVm/ /wp-admin/9IW7L1gKwWOoNQREJ6/ /wp-admin/hMZt/ /wp-admin/qcgRq15U9PNBc4z/ /wp-admin/xDjDiXhcS/ /wp-content/09i4dfKbpiuj8k/ /wp-content/ffBag/ 
/wp-content/Mwmos/ /wp-content/Ved4BBJms7gwl2/ /wp-includes/0AEt8wRWroIJmVgEjZC/ /wp-includes/j1anUZz/ /wp-includes/ywMovPUTPlTzd6c/ /09i4dfKbpiuj8k/ /0AEt8wRWroIJmVgEjZC/ /1kj8refeLdotQee2f/ /3KUm45ZCCW0T1V/ /5pisNbarrVm/ /9IW7L1gKwWOoNQREJ6/ /AUgGyJgrA7GGKroQQp/ /c8NvFU14/ /e5R5oG4iEaQnxQrZDh/ /F0jGvgTiFAMRh2Tr8HL/ /iU2SYlfYxsk/ /j1anUZz/ /okwRWz1C/ /qcgRq15U9PNBc4z/ /QphfoQq4t/ /rnMp0ofR/ /Ved4BBJms7gwl2/ /WLoO6sEzYCJ3LTlC/ /xDjDiXhcS/ /ywMovPUTPlTzd6c/ # Reference: https://twitter.com/Cryptolaemus1/status/1526455588342812672 elamurray.com/cgi-bin/sPgG8g/ mgmeurope.sk/dwl/rrqU9XYAzgAVneYOhI/ microlent.com/admin/GgoC/ mississaugataxi.com/wp-admin/KVoCiQwgjrtavei4x/ mivaria.com/owl-carousel/E6pKFPlGuUW3/ mobilhondabandung.net/ssti/yYrvmJgjpFHHe/ mosbiresources.com/cgi-bin/bTupw38RZHxXK2Web41/ moynan.com/sexmatters.eu/mQbtYGG/ mpmhino.com/modules/zDg2I50UVSjom72Yru5v/ /admin/GgoC/ /cgi-bin/bTupw38RZHxXK2Web41/ /cgi-bin/sPgG8g/ /dwl/rrqU9XYAzgAVneYOhI/ /modules/zDg2I50UVSjom72Yru5v/ /owl-carousel/E6pKFPlGuUW3/ /sexmatters.eu/mQbtYGG/ /ssti/yYrvmJgjpFHHe/ /wp-admin/KVoCiQwgjrtavei4x/ /bTupw38RZHxXK2Web41/ /E6pKFPlGuUW3/ /KVoCiQwgjrtavei4x/ /mQbtYGG/ /rrqU9XYAzgAVneYOhI/ /yYrvmJgjpFHHe/ /zDg2I50UVSjom72Yru5v/ # Reference: https://www.virustotal.com/gui/file/0f3edf4e46a263ca74e1089aaebc8b85db3e80677f8f4606e5f9a09fecec3903/detection bluetoothheadsetreview.xyz mammy-chiro.com/case/ZTkBzbz/ /case/ZTkBzbz/ /wp-includes/xmdHAGgfki/ /xmdHAGgfki/ /ZTkBzbz/ # Reference: https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/ # Reference: https://otx.alienvault.com/pulse/6284c3084688a98441397da3 topline36.xyz goodmarketinggroup.com/newish/562_9559085/ hispanicaidgroup.org/ufay0vq/keWIgzwT/ /css/BB9Ajvjs89U9O/ /ufay0vq/keWIgzwT/ /BB9Ajvjs89U9O/ /keWIgzwT/ /ufay0vq/ # Reference: https://twitter.com/Cryptolaemus1/status/1527225384361762816 noelworks.com/band/44/ omega-analytics.com/cgi-bin/nl1aa7GD26OR9/ ordinarymagazine.org/_notes/oMhfAAWIBLrCza/ 
oshop.es/test/yLT3Xjra352ky/ /_notes/oMhfAAWIBLrCza/ /cgi-bin/nl1aa7GD26OR9/ /test/yLT3Xjra352ky/ /nl1aa7GD26OR9/ /oMhfAAWIBLrCza/ /yLT3Xjra352ky/ # Reference: https://tria.ge/220519-hj3l7afaaq/behavioral2 # Reference: https://www.virustotal.com/gui/file/0ae4570663eb17709b75e8dc94b62b376ad0212f969d678aadc8390977c601ca/detection olgaperezporro.com/js/6vnOMgxQdjedBh/ olgaperezporro.com /js/6vnOMgxQdjedBh/ /6vnOMgxQdjedBh/ # Reference: https://twitter.com/Cryptolaemus1/status/1527363924693499904 megakonferans.com/wp-admin/Xzz08i514NBrg/ myqservice.com.ar/wp-includes/UamQky9H9rSyN7CWdue/ nerz.net/stats/TXGRpKb/ noronhalanches.com.br/cgi-bin/xixssuML9NOJO9/ /cgi-bin/xixssuML9NOJO9/ /stats/TXGRpKb/ /wp-admin/Xzz08i514NBrg/ /wp-includes/UamQky9H9rSyN7CWdue/ /TXGRpKb/ /UamQky9H9rSyN7CWdue/ /xixssuML9NOJO9/ /Xzz08i514NBrg/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-19%20Emotet%20(E4)%20IOCs gelish.com/email-hog/YXaPiWbFMKT/ nandonikwebdesign.com/OWs/ nutensport-wezep.nl/wp-includes/QyezZmBmTL8AulMVv0oh/ omeryener.com.tr/wp-admin/oakwcoWufii0JR89G/ /email-hog/YXaPiWbFMKT/ /wp-admin/oakwcoWufii0JR89G/ /wp-includes/QyezZmBmTL8AulMVv0oh/ /oakwcoWufii0JR89G/ /QyezZmBmTL8AulMVv0oh/ /YXaPiWbFMKT/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-19%20Emotet%20(E4)%20Rd2%20IOCs napolilovemark.com/Re9e27V3Kd/PQFv/ natdemo.natrixsoftware.com/wp-admin/B1bA/ norbealun.id.au/images/ZL8/ nordicbysight.se/wp-admin/kdFrWJ4/ octante.net/academia/At2FfFcDfkI/ p236119.webspaceconfig.de/wordpress/7/ /academia/At2FfFcDfkI/ /Re9e27V3Kd/PQFv/ /wp-admin/B1bA/ /wp-admin/kdFrWJ4/ /Re9e27V3Kd/ /kdFrWJ4/ /At2FfFcDfkI/ # Reference: https://twitter.com/Cryptolaemus1/status/1527546646816772096 kolejleri.com/wp-admin/REvup/ milanstaffing.com/images/D4TRnDubF/ learnviaonline.com/wp-admin/qGb/ stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/ /classes/05SkiiW9y4DDGvb6/ /images/D4TRnDubF/ /wp-admin/qGb/ /wp-admin/REvup/ /05SkiiW9y4DDGvb6/ 
/D4TRnDubF/ # Reference: https://twitter.com/Cryptolaemus1/status/1527566492354588674 elamurray.com/athletics-carnival-2018/3UTZYr9D9f/ jr-software-web.net/aaabackupsqldb/11hYk3bHJ/ masyuk.com/581voyze/MlX/ melisetotoaksesuar.com/catalog/controller/account/dqfKI/ /athletics-carnival-2018/3UTZYr9D9f/ /aaabackupsqldb/11hYk3bHJ/ /581voyze/MlX/ /catalog/controller/account/dqfKI/ /11hYk3bHJ/ /3UTZYr9D9f/ /581voyze/ /aaabackupsqldb/ # Reference: https://twitter.com/Cryptolaemus1/status/1527577171459702792 bpsjambi.id/about/VPe69A9Tk/ mandom.co.id/assets/TpIIt7SmNBsWCECLoHrS/ marmaris.com.br/wp-admin/2cfpSuAH/ masidiomas.com/D4WStats/GAhmgvhLgUn6/ pacemaker.cd/images/Xc/ yamada-shoshi.main.jp/yamada-shoshi/V61hH/ /about/VPe69A9Tk/ /assets/TpIIt7SmNBsWCECLoHrS/ /D4WStats/GAhmgvhLgUn6/ /yamada-shoshi/V61hH/ /wp-admin/2cfpSuAH/ /2cfpSuAH/ /D4WStats/ /GAhmgvhLgUn6/ /TpIIt7SmNBsWCECLoHrS/ /VPe69A9Tk/ # Reference: https://twitter.com/Cryptolaemus1/status/1527679486468104193 airliftlimo.com/wp-admin/iMc/ kabeonet.pl/wp-admin/VWlAz5vWJNHDb/ salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/ vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/ /B8d6jr4pBND2HExAmI/lJWa95VlQ/ /tgroup.ge/x4bc2kL4BzGAeUsVi/ /wp-admin/VWlAz5vWJNHDb/ /B8d6jr4pBND2HExAmI/ /lJWa95VlQ/ /VWlAz5vWJNHDb/ /x4bc2kL4BzGAeUsVi/ # Reference: https://twitter.com/Cryptolaemus1/status/1527749740930076672 bencevendeghaz.hu/wp-includes/tXQBsglNOIsunk/ berekethaber.com/hatax/fovLaro/ bosny.com/aspnet_client/ErI5F74cwiiOywe/ cesasin.com.ar/administrator/HC46kHDUSYN305GglCP/ /administrator/HC46kHDUSYN305GglCP/ /aspnet_client/ErI5F74cwiiOywe/ /wp-includes/tXQBsglNOIsunk/ /ErI5F74cwiiOywe/ /HC46kHDUSYN305GglCP/ /tXQBsglNOIsunk/ # Reference: https://twitter.com/Cryptolaemus1/status/1528022730083160064 gumi-repair.iptime.org/wordpress/qrkL1zS36aRe6yk/ karimexpress.ma/cronHelper/Pwbq/ kingkongpizza.ru/fonts/sFUY3/ kingmode.ir/wp-admin/VKuUS10kNpfiLRwQEXN/ kwinglobal.dothome.co.kr/inc/TbUvEBJ/ /cronHelper/Pwbq/ /fonts/sFUY3/ 
/inc/TbUvEBJ/ /wordpress/qrkL1zS36aRe6yk/ /wp-admin/VKuUS10kNpfiLRwQEXN/ /qrkL1zS36aRe6yk/ /VKuUS10kNpfiLRwQEXN/ # Reference: https://www.virustotal.com/gui/file/02860eb954c1d4934cb9e06fd9d00c247eee4b9fefa39a39d8cfb5fe0fabf2bc/detection 128.199.93.156:443 160.16.143.191:7080 165.22.73.229:8080 clasite.com/blogs/IEEsyn/ opencart-destek.com/catalog/OqHwQ8xlWa5Goyo/ pjesacac.com/components/O93XXhMN3tOtTlV/ /catalog/OqHwQ8xlWa5Goyo/ /components/O93XXhMN3tOtTlV/ /O93XXhMN3tOtTlV/ /OqHwQ8xlWa5Goyo/ # Reference: https://twitter.com/Cryptolaemus1/status/1526458556156760064 lakor.ch/lakor/u41taimP/ metalgas.com.ar/wp-includes/2Ecobg/ /lakor/u41taimP/ /wp-includes/2Ecobg/ # Reference: https://twitter.com/Max_Mal_/status/1526488126461513729 75155dae0c8c8496.main.jp/js/ajB3sTqbQfUWSTM/ adepgroup.com/oldSite201903/lJtl6QtLrAYQn1Err0gE/ alsafwa.com.ly/webcal/4l6nq6EvCUxm/ cnjskconstruction.com/blogs/Lx2/ getlivetext.com/alanvgo/J4TI/ mohammadyarico.com/English/dfKNLblF/ /alanvgo/J4TI/ /English/dfKNLblF/ /js/ajB3sTqbQfUWSTM/ /oldSite201903/lJtl6QtLrAYQn1Err0gE/ /webcal/4l6nq6EvCUxm/ /ajB3sTqbQfUWSTM/ /4l6nq6EvCUxm/ /dfKNLblF/ /lJtl6QtLrAYQn1Err0gE/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-17%20Emotet%20(E4)%20IOCs koichiro-kimura.com/PORK/tE39FQ4Qdff6plYV/ /PORK/tE39FQ4Qdff6plYV/ /tE39FQ4Qdff6plYV/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-16%20Emotet%20(E5)%20IOCs anguianoss.com/wp-admin/bLMH9Q3bG/ berekethaber.com/hatax/JfjLv/ bosny.com/aspnet_client/kWXKDqsBEiPvG/ bpsjambi.id/about/yJ6C01yO1uRd/ ismarttechnologies.com/blogs/LjCTItLtHGBM4S3/ salledemode.com/tgroup.ge/kI1nxjDArzglOLCZk5/ /about/yJ6C01yO1uRd/ /aspnet_client/kWXKDqsBEiPvG/ /blogs/LjCTItLtHGBM4S3/ /hatax/JfjLv/ /tgroup.ge/kI1nxjDArzglOLCZk5/ /wp-admin/bLMH9Q3bG/ /bLMH9Q3bG/ /kI1nxjDArzglOLCZk5/ /kWXKDqsBEiPvG/ /LjCTItLtHGBM4S3/ /yJ6C01yO1uRd/ # Reference: https://twitter.com/Cryptolaemus1/status/1528815945657253888 
kronostr.com/tr/Oa97cQB4l4Clf9/ moaprints.com/Prma3HlbvaG/ mohammadyarico.com/English/oYJF64dcGKWp7dGrP/ /Oa97cQB4l4Clf9/ /oYJF64dcGKWp7dGrP/ /Prma3HlbvaG/ # Reference: https://twitter.com/Cryptolaemus1/status/1528735543126654976 # Reference: https://twitter.com/Cryptolaemus1/status/1528710039405441024 airliftlimo.com/wp-admin/wzZ3RIsItxZsu77MFxs/ avenuebrasil.com/_img/5KAqQ/ demo-re-usables.inertiasoft.net/cgi-bin/AR4nYNd9xpn/ justplay.asia/google/oCbyPwB8B/ microlent.com/admin/kM442bdMLLMQ1qJe5/ neoexc.com/cgi-bin/srN0xYgm/ ong-hananel.org/PAQUES/bPiA2l6foj7kjN/ sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/ /_img/5KAqQ/ /admin/kM442bdMLLMQ1qJe5/ /cgi-bin/AR4nYNd9xpn/ /cgi-bin/srN0xYgm/ /google/oCbyPwB8B/ /old_source/9boJQZpTSdQE/ /PAQUES/bPiA2l6foj7kjN/ /wp-admin/wzZ3RIsItxZsu77MFxs/ /9boJQZpTSdQE/ /AR4nYNd9xpn/ /bPiA2l6foj7kjN/ /kM442bdMLLMQ1qJe5/ /oCbyPwB8B/ /srN0xYgm/ /wzZ3RIsItxZsu77MFxs/ # Reference: https://twitter.com/Cryptolaemus1/status/1528994310364221440 berekethaber.com/hatax/c7crGdejW4380ORuxqR/ bosny.com/aspnet_client/NGTx1FUzq/ bulldogironworksllc.com/temp/BBh5HHpei/ /aspnet_client/NGTx1FUzq/ /hatax/c7crGdejW4380ORuxqR/ /temp/BBh5HHpei/ /BBh5HHpei/ /c7crGdejW4380ORuxqR/ /NGTx1FUzq/ # Reference: https://tria.ge/220524-hs1tysbagq/behavioral1 myphamcuatui.com/assets/OPVeVSpO/ newkano.com/wp-admin/66rIsrVwoPKUsjcAs/ ocalogullari.com/inc/Wcm82enrs8/ sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/ /assets/OPVeVSpO/ /inc/Wcm82enrs8/ /old_source/9boJQZpTSdQE/ /wp-admin/66rIsrVwoPKUsjcAs/ /66rIsrVwoPKUsjcAs/ /9boJQZpTSdQE/ /OPVeVSpO/ /Wcm82enrs8/ # Reference: https://twitter.com/Cryptolaemus1/status/1529373064193929216 masidiomas.com/D4WStats/3aDOo2vU/ moorworld.com/aspnet_client/hSJPPgjn1x4d5rHCpxp/ viphawan.com/2016/o9C3UhJVc0x1ml/ virajindustriesinc.com/fonts/OxcnRyYlItMhvrsn0/ vltava-design.com/1koma/43BTOpWDbTZC1CpwolK/ /1koma/43BTOpWDbTZC1CpwolK/ /2016/o9C3UhJVc0x1ml/ /D4WStats/3aDOo2vU/ /aspnet_client/hSJPPgjn1x4d5rHCpxp/ 
/fonts/OxcnRyYlItMhvrsn0/ /3aDOo2vU/ /43BTOpWDbTZC1CpwolK/ /OxcnRyYlItMhvrsn0/ /hSJPPgjn1x4d5rHCpxp/ /o9C3UhJVc0x1ml/ # Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-05-25_Emotet_DownloadURLs http://192.99.237.111 http://46.4.78.202 http://51.222.72.232 7eminotopark.com/cgi-bin/y2obW1nmOgHOr4A7kw95JKRYZxAy4/ agenciaml.com.br/cgi-bin/dgAqqwwIeejxNozI/ airliftlimo.com/wp-admin/wzZ3RIsItxZsu77MFxs/ almoeqatar.com/cgi-bin/qoOYPhlkRGnBClmNu5I/ andrewpharma.com/wp-includes/JSDlHbnRdWAMrLKFQ/ angel.bk.idv.tw/web_images/rHDPqCa8BGFXnnwHjJl/ anguianoss.com/wp-admin/bLMH9Q3bG/ ara-choob.com/data1/Fgv77t71DAPm09UU/ ara-choob.com/data1/Tzm3xsCsT4DScdUFOx/ baudesign.ge/assets/1BAEFmOYqIf7HLg/ benconry.com/wp-includes/a/ benconry.com/wp-includes/hiCmBIU45rnQjc/ berekethaber.com/hatax/c7crGdejW4380ORuxqR/ berekethaber.com/hatax/fovLaro/ berekethaber.com/hatax/JfjLv/ bethelmbcarvada.org/EZTracker_Errors/9Pbi1J2/ bosny.com/aspnet_client/ErI5F74cwiiOywe/ bosny.com/aspnet_client/kWXKDqsBEiPvG/ bosny.com/aspnet_client/NGTx1FUzq/ bosny.com/aspnet_client/rnMp0ofR/ bosny.com/aspnet_client/UZlstV/ bosny.com/aspnet_client/WP0CVU9BtPZ6IRoO9ZlRMw/ boxtelreport.com/biin/P0ra/ bpsjambi.id/about/Kj/ bpsjambi.id/about/phOuINN3n376Cv1Fsa37/ bpsjambi.id/about/VPe69A9Tk/ bpsjambi.id/about/yJ6C01yO1uRd/ britainsolicitors.com/wp-admin/2ysGFKDbYP5sJB0Xg/ buffetmazzi.com.br/ckfinder/62TTrs2MEXQ2mmRB22/ bulldogironworksllc.com/temp/BBh5HHpei/ bulldogironworksllc.com/temp/IVHD00GG/ ceibadiseno.com.mx/brochure/2vw/ ceibadiseno.com.mx/brochure/5bH/ ceibadiseno.com.mx/brochure/abrtvpK/ ceibadiseno.com.mx/brochure/hnZjHGo1EYITQZ/ ceibadiseno.com.mx/brochure/kBuNjsECS9y2gRB6xaC/ chemsky.tn/64prPlDhbugztyb2Zl/xjvFXPUX7XeoPWTqSQ2/ clasite.com/blogs/IEEsyn/ clasite.com/blogs/ImchViGgNmO/ clasite.com/blogs/uaWi/ clasite.com/blogs/UCm4mbyEhvMgiqOjPw/ claudioavelar.adv.br/Revista/HgrQSZcBtk/ claudioavelar.adv.br/Revista/JljahSR26i5k/ claudioavelar.adv.br/Revista/kkLJV6YZI6I/ 
claudioavelar.adv.br/Revista/z9VYb5pwXheINT/ claudioavelar.adv.br/Revista/zG4DRI/ colegiounamuno.es/cgi-bin/E/ commune-ariana.tn/sites/3BvaCmo/ congtycamvinh.com/plugins/jG3iqpQaTL1TXYMolH congtycamvinh.com/plugins/jG3iqpQaTL1TXYMolH/ construlandia.com/templates/2saGKy0qR5LA8uM/ construlandia.com/templates/7F108jCmRMHLOk/ construlandia.com/templates/BrRf8QDloUqNyTAdXE/ construlandia.com/templates/bzYj/ construlandia.com/templates/IwJiHDBEAdwATHwfgY7/ construlandia.com/templates/mbRFivc7CQ9ZyRXiDI7iNy/ construlandia.com/templates/PmXH0h62RnWUjxY2bWN/ construlandia.com/templates/RnotTx3uT1qVusIFTl2/ crecercreando.com/tapas2/AWlo/ crecercreando.com/tapas2/isD/ cubicegg.asia/pKUVQsfSHB/bBq4ILmzfKIoAmwnLP/ cubicegg.asia/pKUVQsfSHB/cfF/ danialteb.com/wp-admin/2V8H/ danoblab.com/wordpress_4/kSNthhP5C9KswzAC9cBMmku/ danoblab.com/wordpress_4/zxPS1i6oWXBbeK/ datainline.com/aspnet_client/25T/ datainline.com/aspnet_client/56LwAJvy/ datainline.com/aspnet_client/TpbeXlnwwTB/ davidludlow.com/KYM/UYruujsiC2YXaBBSSl7/ decorusfinancial.com/wp-content/7dODakeZZ83fJi/ demo-re-usables.inertiasoft.net/cgi-bin/AR4nYNd9xpn/ demo-re-usables.inertiasoft.net/cgi-bin/z1CD/ demo.cansunoto.com/wp-admin/XyGLg1/ demo.cansunoto.com/wp-admin/Y22GqmMm/ dh.net.br/catalogo1/OAIrGjd1Or4QEWEuaxHbkIOPcqdK/ dijicom.net/error/HG1y7EgWrBA8fDYUIceqaL2pUqcj/ dl5.zahra-media.ir/dl5.zahra-media.ir/1XOgZSSlKVJ6/ dl5.zahra-media.ir/dl5.zahra-media.ir/9vvHAXe5/ dl5.zahra-media.ir/dl5.zahra-media.ir/aFtWkmsrOuZ6uWk1/ dl5.zahra-media.ir/dl5.zahra-media.ir/eDSfvIcQEGIKGsiK/ dl5.zahra-media.ir/dl5.zahra-media.ir/Iye11aStLm1/ dl5.zahra-media.ir/dl5.zahra-media.ir/k4eMbtkYkWcIMeA/ dl5.zahra-media.ir/dl5.zahra-media.ir/l34jaFq0PIh3/ dl5.zahra-media.ir/dl5.zahra-media.ir/llDJKV/ dl5.zahra-media.ir/dl5.zahra-media.ir/NDPruKKpO/ dl5.zahra-media.ir/dl5.zahra-media.ir/qm4lrFF/ dl5.zahra-media.ir/dl5.zahra-media.ir/roYgjVHpS/ dl5.zahra-media.ir/dl5.zahra-media.ir/S6UqYij8pBV1vK/ dl5.zahra-media.ir/dl5.zahra-media.ir/vJd6L/ 
dl5.zahra-media.ir/dl5.zahra-media.ir/YVnV/ dl5.zahra-media.ir/dl5.zahra-media.ir/ZC59RU5VC01n/ dlqsclub.com/wp-content/uploads/4ImMYkgI44psweaKI/ dmcontabilidade.com/correspondentecaixa/TrS/ dominiki.pl/forum/akfa6L4b/ drcno.sk/_sub/Q4UgYNLmsaosQ2/ dulichdichvu.net/libraries/6vhzwoZoNDSMtSC/ dulichdichvu.net/libraries/QhtrjCZymLp5EbqOdpKk/ dulichdichvu.net/libraries/vNjJU0JOEiZVljVrZavkePpju/ dwwmaster.com/wp-content/tfNs1crHYZd6F5/ e5web.com.br/wp-content/4TPDUppb/ easiercommunications.com/wp-content/09i4dfKbpiuj8k/ easiercommunications.com/wp-content/cx7EFvxoK3mdBHX4MRXQKcBDiU/ easiercommunications.com/wp-content/w/ easiercommunications.com/wp-content/yqNxi8IKbRIt7akB/ ecoarch.com.tw/cgi-bin/6ZzlWq5UdvMkkNk/ ecoarch.com.tw/cgi-bin/7UDFBjYypFJloFOLvP/ ecoarch.com.tw/cgi-bin/7YU1j9lqBX3bii/ ecoarch.com.tw/cgi-bin/8SRY/ ecoarch.com.tw/cgi-bin/coQ8DPIUBYkwH/ ecoarch.com.tw/cgi-bin/E/ ecoarch.com.tw/cgi-bin/lmQJVAf1VhasevFipwEFRObbxGXRZ/ ecoarch.com.tw/cgi-bin/opbDKH6cq5euv2Cztzb/ ecoarch.com.tw/cgi-bin/vhmTEdL4h2/ ecoarch.com.tw/cgi-bin/vWW/ ecoarch.com.tw/cgi-bin/yaWLCfVBI/ economizesa.com.br/cgi-bin/fA1Y/ economizesa.com.br/cgi-bin/gZSppeiuOneFdNZfubX2iQ/ ecube.com.mx/e2oCWBnC/ ecube.com.mx/e2oCWBnC/6wp2K4sfQmVIRy6ZvdiH/ edoraseguros.com.br/cgi-bin/l7ZERv5deNsfzlZUZ/ edoraseguros.com.br/cgi-bin/mh3MMGKfhXtJ/ edoraseguros.com.br/cgi-bin/ySH8/ eipweb.com/cgi-bin/suTTfnjUrAC69ByAU9h1kv9T/ elamurray.com/athletics-carnival-2018/3UTZYr9D9f/ ens-setif.dz/annuaire/Yu8wjHLmAzqyUS3XTSe/ eznetb.synology.me/@eaDir/wg2BqaWFRZb1G/ famesa.com.ar/dos/gaa/ fantasyclub.com.br/imgs/rggmVTfvT/ fashionbyprincessmelodicaah.com/4185PINT/jwh2cwjFHLZL/ fashionbyprincessmelodicaah.com/4185PINT/te/ federation-sardaniste.fr/calendrier/Y7gy8vFc93EGgNB7d5liwLCiUX/ fmesperanza945.com/js/Tq9tCfKAZcxvKCxl/ fontecmobile.com/pk/tRqU7/ fpd.cl/cgi-bin/83E0xgTMc/ fpd.cl/cgi-bin/8Cwqi8/ fpd.cl/cgi-bin/N/ galaxy-catering.com.vn/galxy/cX9eVP/ galaxy-catering.com.vn/galxy/Fg1vvhlYJ/ 
garantihaliyikama.com/wp-admin/FjgB6I/ gccon.in/UploadedFiles/CQTqp8ybddYdbPZIcV3/ gccon.in/UploadedFiles/UYtJNrT2llxy1/ gelish.com/email-hog/YXaPiWbFMKT/ genccagdas.com.tr/assets/doWHIxLe7e/ genccagdas.com.tr/assets/MRzxnRKVcE43yeQx/ genccagdas.com.tr/assets/TTHOm833iNn3BxT/ geowf.ge/templates/pJRea3Iu3wG/ geowf.ge/templates/TlbsO1F7p/ gla.ge/old/enG/ gla.ge/old/PuVaff/ globartmag.com/doubleclick/0mhNze/ gnnmuebles.com/repellatdoloremque/XGc7rXmnrdSO/ gnr.gtu.ge/admin/yKgYN2K0mYY/ greycoconut.com/edm/0ywf2bF/ greycoconut.com/edm/Jc3LJXQ6wEemK7g876/ grupobatistella.com.br/wp-content/bV2JMWZz/ guedala.com.br/cgi-bin/c349IB7OmLvMgcZEoCe/ gzndfit.com/520/04iIX2OE7gFJBkLdt/ gzndfit.com/520/2jNG94sK8ghPDEZR3M64ZdjvaJAl/ gzndfit.com/520/iopAQaRrZYgA883NZ/ h63402x4.beget.tech/bin/2M/ h63402x4.beget.tech/bin/wl0ENiE3BhELXV6V/ haircutbar.com/documents/EpRj8CMVJJ/ haircutbar.com/documents/GwdtlCyoXB9/ haircutbar.com/documents/xuPEi/ hangaryapi.com.tr/cgi-bin/PVrH9X9PyARmyn3s/ hangaryapi.com.tr/wp-admin/5n42ncL3nWMbJHwy7/ hangaryapi.com.tr/wp-admin/MukeqeAOTXGX6UZ/ haribuilders.com/zoombox-master/75wLA48wnAGsckgKb/ haribuilders.com/zoombox-master/aCt/ haribuilders.com/zoombox-master/c6aWh7ah6vqz/ haribuilders.com/zoombox-master/INGYvA0m/ haribuilders.com/zoombox-master/SEQtwcSCGpSyg/ haribuilders.com/zoombox-master/u6QVKZamtaV5L66Nx/ harleyqueretaro.com/renew2019/Back2016-12-22/cv/data/RjuiFMp4Fsp/ hcsnet.com.br/wp-content/emmK/ hcsnet.com.br/wp-content/zvPeH/ heaventechnologies.com.pk/apitest/e4Pkx/ heaventechnologies.com.pk/apitest/xdeAU0rx26LT9I/ hellojohnwebb.com/TMkGx6CJ5WWoFnH8t6eAQ8E91/ helmprecision.com/Helm/main/css/pQGi4xm0aNV/ hkwindsacademy.synology.me/@eaDir/qH2EHuvYVoJEJ2/ hmtpolska.home.pl/Trash/37/ ho280319001.hogibo.net/include/tgQwxic4QwuM/ homeeflyer.com/7photo2/PiLGiTrLqCWuoRr6/ hospitaldesitges.cat/OLD_BORRAR/ceCC6SPMue/ hotelmourya.com/aspnet_client/bYgwNXnkq/ howesitgoing.com/images/HyaDnlbl6K7tbh2Lugys/ howie23.org/wH3bd37xcJBEKu/Cba9lBuj4pQidgw/ 
hqsistemas.com.ar/cgi-bin/FMPTFCp/ i-dots.com/image/8C7AwiFZmI1p/ iciee.untirta.ac.id/test/GccRw/ ijsclub-de-volharding.nl/Contact/02tLuEpm/ ijsclub-de-volharding.nl/Contact/64v9/ ikatemia.untirta.ac.id/assets/VT/ imenikala.com/wp-admin/vyjYPEc/ industriasguidi.com.ar/wp-includes/x918PGFU/ ingonherbal.com/application/PhEbceg4Tx/ irishcarsagadir.net/n3rz4Y9rscfwluelvDV/LqxCq/ jackholland.eu/flashshoot/A1sVGeUdOmXpPeof/ japlatec.com/page/sAnfptTN0J4pw4S6B1Y/ jdserralheria.com.br/cgi-bin/KFG6/ jml.iptime.org/@eaDir/DFjRxYGc/ jsonsintl.com/RxsGgoVWz9/ jsonsintl.com/RxsGgoVWz9/4HFi3ZZYtnYgtELgCHnZ/ keltonconstruction.com/_vti_bin/DFNorq/ keltonconstruction.com/_vti_bin/H6Qm88nzyQe/ kingkongpizza.ru/fonts/sFUY3/ kingmode.ir/wp-admin/VKuUS10kNpfiLRwQEXN/ kolejleri.com/wp-admin/REvup/ kronostr.com/tr/bbRjEuBFYBX4Oiod/ kronostr.com/tr/Oa97cQB4l4Clf9/ kuluckaci.com/yarisma/cgi-bin/aIuI4Ukdtl730sP1F/ kuluckaci.com/yarisma/cgi-bin/obEPv40iNRumhPGv6wo/ kustens.com/A-Kus/stoyH/ kwinglobal.dothome.co.kr/inc/TbUvEBJ/ la-csi.com/mt-admin/gCObckGgJyOJWJLZ/ lavameapp.cl/wp-snapshots/himv0rbBofmABf3ewN/ learnviaonline.com/wp-admin/qGb/ littleplanetclass.com/assets/61BKcuxC5HWBPbpPHKDI9/ littleplanetclass.com/assets/8/ littleplanetclass.com/assets/Cvfhkget00Lrk41a/ littleplanetclass.com/assets/G89kXzBAJO77QSgFgUxa/ littleplanetclass.com/assets/hd0y7/ littleplanetclass.com/assets/izJQ708a1/ littleplanetclass.com/assets/Je0XC4R/ littleplanetclass.com/assets/JMHFvkdcAjY/ littleplanetclass.com/assets/pf5HqLMkI/ littleplanetclass.com/assets/q73HpTY/ littleplanetclass.com/assets/RKpaLk40sk3tfh2ylKH/ littleplanetclass.com/assets/RVfrablPa9HS6UAJ/ littleplanetclass.com/assets/zITd/ lopespublicidade.com/cgi-bin/e5R5oG4iEaQnxQrZDh/ lovemihome.co.za/fquccH5zPj/m8LaKB0hBb/ luzytextura.com/marfinance/gdwyLku/ mandom.co.id/assets/ejevw82KJ6VYDzZY3O/ mandom.co.id/assets/TpIIt7SmNBsWCECLoHrS/ masidiomas.com/D4WStats/GAhmgvhLgUn6/ masidiomas.com/D4WStats/Ge3FN11FjPBzlOiO/ 
mcapublicschool.com/Achievements/FbgG5Xk/ mcapublicschool.com/Achievements/r4psv/ melisetotoaksesuar.com/catalog/controller/account/dqfKI/ melisetotoaksesuar.com/catalog/pFyl/ metalgas.com.ar/wp-includes/2Ecobg/ metalgas.com.ar/wp-includes/pIxAd/ mewolters.nl/tmp/3Qty7GTQht/ mfscomunicacao.com.br/old/EEoE433/ microlent.com/admin/3/ microlent.com/admin/GgoC/ microlent.com/admin/kM442bdMLLMQ1qJe5/ milanstaffing.com/images/vukvR2flVIu62E/ mistchem.com/wp-admin/qcgRq15U9PNBc4z/ mjhl.com.mx/fonts/sG/ mohammadyarico.com/English/dfKNLblF/ mohammadyarico.com/English/oYJF64dcGKWp7dGrP/ moorworld.com/aspnet_client/fTDJOdTa1USKl43wFtnb/ moorworld.com/aspnet_client/JUJWT/ muhsinsirim.com/cgi-bin/Vt2umvq3ufyBZZWR2HZ/ mulmatdol.com/adm/Semrx6pQ/ myphamcuatui.com/assets/OPVeVSpO/ myphamcuatui.com/assets/z1b9YfHoX7Fp/ myqservice.com.ar/wp-includes/KPfIhRvHsnocXQ2z/ myqservice.com.ar/wp-includes/UamQky9H9rSyN7CWdue/ nakharinitwebhosting.com/HSDYKN1X5GLF/ napolilovemark.com/Re9e27V3Kd/PQFv/ natdemo.natrixsoftware.com/wp-admin/B1bA/ natdemo.natrixsoftware.com/wp-admin/QyqiN/ nenlineasv.com/encasa/cgi-bin/wqDZzO2OsIk7qGb/ nenlineasv.com/encasa/qnKqfcj4q/ neoexc.com/cgi-bin/gOTeFmMuXhfsGqDl/ neoexc.com/cgi-bin/srN0xYgm/ nerz.net/stats/KVIyooM/ nextcampolargo.com.br/cgi-bin/eeU5HhscZ10Y5O2Ss/ nigerianang.com/plugins/S3UsCMQhf1DBHTkiSEm/ nycom.narasoft.com/movie_link/4l6T5s7EcTyT/ nycom.narasoft.com/movie_link/osw54cGkTZr0/ ocalogullari.com/inc/qFVa7tzob2eQTk5dWD/ ocalogullari.com/inc/Wcm82enrs8/ ogenhukuk.com/css/RYnIOe9nU3/ olafs-radladen.de/captcha/iTNRUusWY3qNlhBpG/ old.liceum9.ru/images/DiazQsBnLhW3zpKRe/ old.liceum9.ru/images/P3kTyZjKSLHIcLhpJ4/ old.liceum9.ru/images/R/ old.liceum9.ru/images/Yh/ oncrete-egy.com/wp-content/V6Igzw8/ onepieceark.dothome.co.kr/jwr/Q/ ong-hananel.org/PAQUES/bPiA2l6foj7kjN/ opencart-destek.com/catalog/OqHwQ8xlWa5Goyo/ opornik55.ru/wp-content/uploads/4luXOJEZV3C/ opornik55.ru/wp-content/uploads/4yQ9cLAlPGlnFUx/ 
opornik55.ru/wp-content/uploads/cx6D0oSQ0r8d56hXHH/ opornik55.ru/wp-content/uploads/gjwrggwL52Qg/ opornik55.ru/wp-content/uploads/HrP384B/ opornik55.ru/wp-content/uploads/JQ/ opornik55.ru/wp-content/uploads/KDrP1bI6KGk/ opornik55.ru/wp-content/uploads/MiC9l/ opornik55.ru/wp-content/uploads/tXDU6mf5VNSV/ opornik55.ru/wp-content/uploads/u4XDlUHY5zviKg/ opornik55.ru/wp-content/uploads/UZxExbsDc6m0/ opornik55.ru/wp-content/uploads/XqUFTt2mhVj/ opornik55.ru/wp-content/uploads/ZPi20LzUOcDQI/ opornik55.ru/wp-content/uploads/ZTQCHQ9OYwq/ opornik55.ru/wp-content/uploads/ZxzxI/ p4936.webmo.fr/wp-admin/FKTynV/ pacemaker.cd/images/Xc/ picsmaker.com/cgi-bin/jWdUsHIsoD/ picsmaker.com/cgi-bin/OEEtgXEetqIvVsq/ piffl.com/piffl.com/a/ puntamimarlik.com.tr/wp-admin/9IW7L1gKwWOoNQREJ6/ redmag-dz.com/joomla/K66s1IU9h/ reiwo-service.de/cgi-bin/O/ reneetten.nl/Menu/RBjbO/ reneetten.nl/Menu/XNMhx6nSnnpp8aZzk/ saffrontheindiankitchen.com/studyinusa/c9GcsoElVub05Q4iTjI7j53UQCpdSA/ sd-1093121-h00002.ferozo.net/wp-content/YQ7IkSjIEP9r/ sd-1684625-h00001.ferozo.net/PaginaMasVieja1321654/VXbZo/ sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/ st-florenceacademy.com/images/zd2/ stainedglassexpress.com/classes/05SkiiW9y4DDGvb6/ stainedglassexpress.com/classes/veV/ thepublicelection.com/wp-includes/0AEt8wRWroIJmVgEjZC/ tiemvangngoctham.com/wp-content/jkNQKmmMlZi/ vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/ visionnextgroup.net/saharaUK/2UXmSjlPLoroRMOjJ2AfDM/ vrstar-park.com/wp-includes/2UYhNgIaNeIBM/ wanderlustphtravel.com/cgi-bin/QphfoQq4t/ waves-india.com/LC/YolqTCGPcBX0h/ weareone-bh.org/ik8EFuXqc/ webguruindia.com/theme/A7IdsEk1uJo/ webmk.de/assets/X5r/ weboculta.com/APPs/jb7urLT2s/ yamada-shoshi.main.jp/yamada-shoshi/V61hH/ /4185PINT/jwh2cwjFHLZL/ /4185PINT/te/ /520/04iIX2OE7gFJBkLdt/ /520/2jNG94sK8ghPDEZR3M64ZdjvaJAl/ /520/iopAQaRrZYgA883NZ/ /64prPlDhbugztyb2Zl/xjvFXPUX7XeoPWTqSQ2/ /7photo2/PiLGiTrLqCWuoRr6/ /@eaDir/DFjRxYGc/ /@eaDir/qH2EHuvYVoJEJ2/ /@eaDir/wg2BqaWFRZb1G/ 
/_sub/Q4UgYNLmsaosQ2/ /_vti_bin/DFNorq/ /_vti_bin/H6Qm88nzyQe/ /A-Kus/stoyH/ /about/phOuINN3n376Cv1Fsa37/ /about/VPe69A9Tk/ /about/yJ6C01yO1uRd/ /Achievements/FbgG5Xk/ /Achievements/r4psv/ /adm/Semrx6pQ/ /admin/GgoC/ /admin/kM442bdMLLMQ1qJe5/ /admin/yKgYN2K0mYY/ /annuaire/Yu8wjHLmAzqyUS3XTSe/ /apitest/e4Pkx/ /apitest/xdeAU0rx26LT9I/ /application/PhEbceg4Tx/ /APPs/jb7urLT2s/ /aspnet_client/25T/ /aspnet_client/56LwAJvy/ /aspnet_client/bYgwNXnkq/ /aspnet_client/ErI5F74cwiiOywe/ /aspnet_client/fTDJOdTa1USKl43wFtnb/ /aspnet_client/JUJWT/ /aspnet_client/kWXKDqsBEiPvG/ /aspnet_client/NGTx1FUzq/ /aspnet_client/rnMp0ofR/ /aspnet_client/TpbeXlnwwTB/ /aspnet_client/UZlstV/ /aspnet_client/WP0CVU9BtPZ6IRoO9ZlRMw/ /assets/1BAEFmOYqIf7HLg/ /assets/61BKcuxC5HWBPbpPHKDI9/ /assets/Cvfhkget00Lrk41a/ /assets/doWHIxLe7e/ /assets/ejevw82KJ6VYDzZY3O/ /assets/G89kXzBAJO77QSgFgUxa/ /assets/hd0y7/ /assets/izJQ708a1/ /assets/Je0XC4R/ /assets/JMHFvkdcAjY/ /assets/MRzxnRKVcE43yeQx/ /assets/OPVeVSpO/ /assets/pf5HqLMkI/ /assets/q73HpTY/ /assets/RKpaLk40sk3tfh2ylKH/ /assets/RVfrablPa9HS6UAJ/ /assets/TpIIt7SmNBsWCECLoHrS/ /assets/TTHOm833iNn3BxT/ /assets/z1b9YfHoX7Fp/ /athletics-carnival-2018/3UTZYr9D9f/ /biin/P0ra/ /bin/wl0ENiE3BhELXV6V/ /blogs/IEEsyn/ /blogs/ImchViGgNmO/ /blogs/uaWi/ /blogs/UCm4mbyEhvMgiqOjPw/ /brochure/abrtvpK/ /brochure/hnZjHGo1EYITQZ/ /brochure/kBuNjsECS9y2gRB6xaC/ /calendrier/Y7gy8vFc93EGgNB7d5liwLCiUX/ /captcha/iTNRUusWY3qNlhBpG/ /catalog/OqHwQ8xlWa5Goyo/ /catalog/pFyl/ /catalogo1/OAIrGjd1Or4QEWEuaxHbkIOPcqdK/ /cgi-bin/6ZzlWq5UdvMkkNk/ /cgi-bin/7UDFBjYypFJloFOLvP/ /cgi-bin/7YU1j9lqBX3bii/ /cgi-bin/83E0xgTMc/ /cgi-bin/8Cwqi8/ /cgi-bin/8SRY/ /cgi-bin/AR4nYNd9xpn/ /cgi-bin/c349IB7OmLvMgcZEoCe/ /cgi-bin/coQ8DPIUBYkwH/ /cgi-bin/dgAqqwwIeejxNozI/ /cgi-bin/e5R5oG4iEaQnxQrZDh/ /cgi-bin/eeU5HhscZ10Y5O2Ss/ /cgi-bin/fA1Y/ /cgi-bin/FMPTFCp/ /cgi-bin/gOTeFmMuXhfsGqDl/ /cgi-bin/gZSppeiuOneFdNZfubX2iQ/ /cgi-bin/jWdUsHIsoD/ /cgi-bin/KFG6/ /cgi-bin/l7ZERv5deNsfzlZUZ/ 
/cgi-bin/lmQJVAf1VhasevFipwEFRObbxGXRZ/ /cgi-bin/mh3MMGKfhXtJ/ /cgi-bin/OEEtgXEetqIvVsq/ /cgi-bin/opbDKH6cq5euv2Cztzb/ /cgi-bin/PVrH9X9PyARmyn3s/ /cgi-bin/qoOYPhlkRGnBClmNu5I/ /cgi-bin/QphfoQq4t/ /cgi-bin/srN0xYgm/ /cgi-bin/suTTfnjUrAC69ByAU9h1kv9T/ /cgi-bin/vhmTEdL4h2/ /cgi-bin/Vt2umvq3ufyBZZWR2HZ/ /cgi-bin/vWW/ /cgi-bin/y2obW1nmOgHOr4A7kw95JKRYZxAy4/ /cgi-bin/yaWLCfVBI/ /cgi-bin/ySH8/ /cgi-bin/z1CD/ /ckfinder/62TTrs2MEXQ2mmRB22/ /classes/05SkiiW9y4DDGvb6/ /Contact/02tLuEpm/ /Contact/64v9/ /correspondentecaixa/TrS/ /css/RYnIOe9nU3/ /D4WStats/GAhmgvhLgUn6/ /D4WStats/Ge3FN11FjPBzlOiO/ /data1/Fgv77t71DAPm09UU/ /data1/Tzm3xsCsT4DScdUFOx/ /dl5.zahra-media.ir/1XOgZSSlKVJ6/ /dl5.zahra-media.ir/9vvHAXe5/ /dl5.zahra-media.ir/aFtWkmsrOuZ6uWk1/ /dl5.zahra-media.ir/eDSfvIcQEGIKGsiK/ /dl5.zahra-media.ir/Iye11aStLm1/ /dl5.zahra-media.ir/k4eMbtkYkWcIMeA/ /dl5.zahra-media.ir/l34jaFq0PIh3/ /dl5.zahra-media.ir/llDJKV/ /dl5.zahra-media.ir/NDPruKKpO/ /dl5.zahra-media.ir/qm4lrFF/ /dl5.zahra-media.ir/roYgjVHpS/ /dl5.zahra-media.ir/S6UqYij8pBV1vK/ /dl5.zahra-media.ir/vJd6L/ /dl5.zahra-media.ir/YVnV/ /dl5.zahra-media.ir/ZC59RU5VC01n/ /documents/EpRj8CMVJJ/ /documents/GwdtlCyoXB9/ /documents/xuPEi/ /doubleclick/0mhNze/ /e2oCWBnC/6wp2K4sfQmVIRy6ZvdiH/ /edm/0ywf2bF/ /edm/Jc3LJXQ6wEemK7g876/ /email-hog/YXaPiWbFMKT/ /encasa/qnKqfcj4q/ /English/dfKNLblF/ /English/oYJF64dcGKWp7dGrP/ /error/HG1y7EgWrBA8fDYUIceqaL2pUqcj/ /EZTracker_Errors/9Pbi1J2/ /flashshoot/A1sVGeUdOmXpPeof/ /fonts/sFUY3/ /forum/akfa6L4b/ /fquccH5zPj/m8LaKB0hBb/ /galxy/cX9eVP/ /galxy/Fg1vvhlYJ/ /hatax/c7crGdejW4380ORuxqR/ /hatax/fovLaro/ /hatax/JfjLv/ /image/8C7AwiFZmI1p/ /images/DiazQsBnLhW3zpKRe/ /images/HyaDnlbl6K7tbh2Lugys/ /images/P3kTyZjKSLHIcLhpJ4/ /images/vukvR2flVIu62E/ /imgs/rggmVTfvT/ /inc/qFVa7tzob2eQTk5dWD/ /inc/TbUvEBJ/ /inc/Wcm82enrs8/ /include/tgQwxic4QwuM/ /joomla/K66s1IU9h/ /js/Tq9tCfKAZcxvKCxl/ /KYM/UYruujsiC2YXaBBSSl7/ /LC/YolqTCGPcBX0h/ /libraries/6vhzwoZoNDSMtSC/ /libraries/QhtrjCZymLp5EbqOdpKk/ 
/libraries/vNjJU0JOEiZVljVrZavkePpju/ /marfinance/gdwyLku/ /Menu/RBjbO/ /Menu/XNMhx6nSnnpp8aZzk/ /movie_link/4l6T5s7EcTyT/ /movie_link/osw54cGkTZr0/ /mt-admin/gCObckGgJyOJWJLZ/ /n3rz4Y9rscfwluelvDV/LqxCq/ /old/EEoE433/ /old/PuVaff/ /OLD_BORRAR/ceCC6SPMue/ /old_source/9boJQZpTSdQE/ /page/sAnfptTN0J4pw4S6B1Y/ /PaginaMasVieja1321654/VXbZo/ /PAQUES/bPiA2l6foj7kjN/ /pk/tRqU7/ /pKUVQsfSHB/bBq4ILmzfKIoAmwnLP/ /pKUVQsfSHB/cfF/ /plugins/jG3iqpQaTL1TXYMolH/ /plugins/S3UsCMQhf1DBHTkiSEm/ /Re9e27V3Kd/PQFv/ /renew2019/Back2016-12-22/ /repellatdoloremque/XGc7rXmnrdSO/ /Revista/HgrQSZcBtk/ /Revista/JljahSR26i5k/ /Revista/kkLJV6YZI6I/ /Revista/z9VYb5pwXheINT/ /Revista/zG4DRI/ /RxsGgoVWz9/4HFi3ZZYtnYgtELgCHnZ/ /saharaUK/2UXmSjlPLoroRMOjJ2AfDM/ /sites/3BvaCmo/ /stats/KVIyooM/ /studyinusa/c9GcsoElVub05Q4iTjI7j53UQCpdSA/ /tapas2/AWlo/ /tapas2/isD/ /temp/BBh5HHpei/ /temp/IVHD00GG/ /templates/2saGKy0qR5LA8uM/ /templates/7F108jCmRMHLOk/ /templates/BrRf8QDloUqNyTAdXE/ /templates/bzYj/ /templates/IwJiHDBEAdwATHwfgY7/ /templates/mbRFivc7CQ9ZyRXiDI7iNy/ /templates/pJRea3Iu3wG/ /templates/PmXH0h62RnWUjxY2bWN/ /templates/RnotTx3uT1qVusIFTl2/ /templates/TlbsO1F7p/ /test/GccRw/ /theme/A7IdsEk1uJo/ /TMkGx6CJ5WWoFnH8t6eAQ8E91/ /tmp/3Qty7GTQht/ /tr/bbRjEuBFYBX4Oiod/ /tr/Oa97cQB4l4Clf9/ /UploadedFiles/CQTqp8ybddYdbPZIcV3/ /UploadedFiles/UYtJNrT2llxy1/ /uploads/g5QMC5XVlj/ /web_images/rHDPqCa8BGFXnnwHjJl/ /wH3bd37xcJBEKu/Cba9lBuj4pQidgw/ /wordpress_4/kSNthhP5C9KswzAC9cBMmku/ /wordpress_4/zxPS1i6oWXBbeK/ /wp-admin/2V8H/ /wp-admin/2ysGFKDbYP5sJB0Xg/ /wp-admin/5n42ncL3nWMbJHwy7/ /wp-admin/9IW7L1gKwWOoNQREJ6/ /wp-admin/B1bA/ /wp-admin/bLMH9Q3bG/ /wp-admin/FjgB6I/ /wp-admin/FKTynV/ /wp-admin/MukeqeAOTXGX6UZ/ /wp-admin/qcgRq15U9PNBc4z/ /wp-admin/qGb/ /wp-admin/QyqiN/ /wp-admin/REvup/ /wp-admin/user/ /wp-admin/VKuUS10kNpfiLRwQEXN/ /wp-admin/vyjYPEc/ /wp-admin/wzZ3RIsItxZsu77MFxs/ /wp-admin/XyGLg1/ /wp-admin/Y22GqmMm/ /wp-content/09i4dfKbpiuj8k/ /wp-content/4TPDUppb/ /wp-content/7dODakeZZ83fJi/
/wp-content/bV2JMWZz/ /wp-content/cx7EFvxoK3mdBHX4MRXQKcBDiU/ /wp-content/emmK/ /wp-content/jkNQKmmMlZi/ /wp-content/tfNs1crHYZd6F5/ /wp-content/V6Igzw8/ /wp-content/xOvCgoYFAIVjwy6I/ /wp-content/YQ7IkSjIEP9r/ /wp-content/yqNxi8IKbRIt7akB/ /wp-content/zvPeH/ /wp-includes/0AEt8wRWroIJmVgEjZC/ /wp-includes/2Ecobg/ /wp-includes/2l92XulnC6aZzv0jNGN/ /wp-includes/2UYhNgIaNeIBM/ /wp-includes/hiCmBIU45rnQjc/ /wp-includes/hp64zMwYlTJoO3l/ /wp-includes/JSDlHbnRdWAMrLKFQ/ /wp-includes/KPfIhRvHsnocXQ2z/ /wp-includes/NPNGSFzuH/ /wp-includes/Oopph6H4Jg/ /wp-includes/pIxAd/ /wp-includes/Rv35Z/ /wp-includes/UamQky9H9rSyN7CWdue/ /wp-includes/x918PGFU/ /wp-snapshots/himv0rbBofmABf3ewN/ /yamada-shoshi/V61hH/ /zoombox-master/75wLA48wnAGsckgKb/ /zoombox-master/aCt/ /zoombox-master/c6aWh7ah6vqz/ /zoombox-master/INGYvA0m/ /zoombox-master/SEQtwcSCGpSyg/ /zoombox-master/u6QVKZamtaV5L66Nx/ /02tLuEpm/ /04iIX2OE7gFJBkLdt/ /05SkiiW9y4DDGvb6/ /09i4dfKbpiuj8k/ /0AEt8wRWroIJmVgEjZC/ /0mhNze/ /0ywf2bF/ /1BAEFmOYqIf7HLg/ /1XOgZSSlKVJ6/ /2Ecobg/ /2jNG94sK8ghPDEZR3M64ZdjvaJAl/ /2l92XulnC6aZzv0jNGN/ /2saGKy0qR5LA8uM/ /2UXmSjlPLoroRMOjJ2AfDM/ /2UYhNgIaNeIBM/ /2ysGFKDbYP5sJB0Xg/ /3BvaCmo/ /3Qty7GTQht/ /3UTZYr9D9f/ /4185PINT/ /4HFi3ZZYtnYgtELgCHnZ/ /4l6T5s7EcTyT/ /4TPDUppb/ /56LwAJvy/ /5n42ncL3nWMbJHwy7/ /61BKcuxC5HWBPbpPHKDI9/ /62TTrs2MEXQ2mmRB22/ /64prPlDhbugztyb2Zl/ /6vhzwoZoNDSMtSC/ /6wp2K4sfQmVIRy6ZvdiH/ /6ZzlWq5UdvMkkNk/ /75wLA48wnAGsckgKb/ /7dODakeZZ83fJi/ /7F108jCmRMHLOk/ /7UDFBjYypFJloFOLvP/ /7YU1j9lqBX3bii/ /83E0xgTMc/ /8C7AwiFZmI1p/ /8Cwqi8/ /9boJQZpTSdQE/ /9IW7L1gKwWOoNQREJ6/ /9Pbi1J2/ /9vvHAXe5/ /A1sVGeUdOmXpPeof/ /A7IdsEk1uJo/ /abrtvpK/ /aFtWkmsrOuZ6uWk1/ /akfa6L4b/ /AR4nYNd9xpn/ /BBh5HHpei/ /bBq4ILmzfKIoAmwnLP/ /bbRjEuBFYBX4Oiod/ /bLMH9Q3bG/ /bPiA2l6foj7kjN/ /BrRf8QDloUqNyTAdXE/ /bV2JMWZz/ /bYgwNXnkq/ /c349IB7OmLvMgcZEoCe/ /c6aWh7ah6vqz/ /c7crGdejW4380ORuxqR/ /c9GcsoElVub05Q4iTjI7j53UQCpdSA/ /Cba9lBuj4pQidgw/ /ceCC6SPMue/ /coQ8DPIUBYkwH/ /CQTqp8ybddYdbPZIcV3/ /Cvfhkget00Lrk41a/ 
/cx7EFvxoK3mdBHX4MRXQKcBDiU/ /cX9eVP/ /DFjRxYGc/ /dfKNLblF/ /DFNorq/ /dgAqqwwIeejxNozI/ /DiazQsBnLhW3zpKRe/ /doWHIxLe7e/ /e2oCWBnC/ /e4Pkx/ /e5R5oG4iEaQnxQrZDh/ /eDSfvIcQEGIKGsiK/ /EEoE433/ /eeU5HhscZ10Y5O2Ss/ /ejevw82KJ6VYDzZY3O/ /EpRj8CMVJJ/ /ErI5F74cwiiOywe/ /FbgG5Xk/ /Fg1vvhlYJ/ /Fgv77t71DAPm09UU/ /FjgB6I/ /FKTynV/ /FMPTFCp/ /fovLaro/ /fquccH5zPj/ /fTDJOdTa1USKl43wFtnb/ /g5QMC5XVlj/ /G89kXzBAJO77QSgFgUxa/ /GAhmgvhLgUn6/ /GccRw/ /gCObckGgJyOJWJLZ/ /gdwyLku/ /Ge3FN11FjPBzlOiO/ /gOTeFmMuXhfsGqDl/ /GwdtlCyoXB9/ /gZSppeiuOneFdNZfubX2iQ/ /H6Qm88nzyQe/ /HG1y7EgWrBA8fDYUIceqaL2pUqcj/ /HgrQSZcBtk/ /hiCmBIU45rnQjc/ /himv0rbBofmABf3ewN/ /hnZjHGo1EYITQZ/ /hp64zMwYlTJoO3l/ /HSDYKN1X5GLF/ /HyaDnlbl6K7tbh2Lugys/ /IEEsyn/ /ik8EFuXqc/ /ImchViGgNmO/ /INGYvA0m/ /iopAQaRrZYgA883NZ/ /iTNRUusWY3qNlhBpG/ /IVHD00GG/ /IwJiHDBEAdwATHwfgY7/ /Iye11aStLm1/ /izJQ708a1/ /jb7urLT2s/ /Jc3LJXQ6wEemK7g876/ /Je0XC4R/ /JfjLv/ /jG3iqpQaTL1TXYMolH/ /jkNQKmmMlZi/ /JljahSR26i5k/ /JMHFvkdcAjY/ /JSDlHbnRdWAMrLKFQ/ /JUJWT/ /jWdUsHIsoD/ /jwh2cwjFHLZL/ /k4eMbtkYkWcIMeA/ /K66s1IU9h/ /kBuNjsECS9y2gRB6xaC/ /kkLJV6YZI6I/ /kM442bdMLLMQ1qJe5/ /KPfIhRvHsnocXQ2z/ /kSNthhP5C9KswzAC9cBMmku/ /KVIyooM/ /kWXKDqsBEiPvG/ /l34jaFq0PIh3/ /l7ZERv5deNsfzlZUZ/ /llDJKV/ /lmQJVAf1VhasevFipwEFRObbxGXRZ/ /LqxCq/ /m8LaKB0hBb/ /mbRFivc7CQ9ZyRXiDI7iNy/ /mh3MMGKfhXtJ/ /MRzxnRKVcE43yeQx/ /MukeqeAOTXGX6UZ/ /n3rz4Y9rscfwluelvDV/ /NDPruKKpO/ /NGTx1FUzq/ /NPNGSFzuH/ /Oa97cQB4l4Clf9/ /OAIrGjd1Or4QEWEuaxHbkIOPcqdK/ /OEEtgXEetqIvVsq/ /Oopph6H4Jg/ /opbDKH6cq5euv2Cztzb/ /OPVeVSpO/ /OqHwQ8xlWa5Goyo/ /osw54cGkTZr0/ /oYJF64dcGKWp7dGrP/ /P3kTyZjKSLHIcLhpJ4/ /PaginaMasVieja1321654/ /pf5HqLMkI/ /PhEbceg4Tx/ /phOuINN3n376Cv1Fsa37/ /PiLGiTrLqCWuoRr6/ /pIxAd/ /pJRea3Iu3wG/ /PmXH0h62RnWUjxY2bWN/ /PVrH9X9PyARmyn3s/ /Q4UgYNLmsaosQ2/ /q73HpTY/ /qcgRq15U9PNBc4z/ /qFVa7tzob2eQTk5dWD/ /qH2EHuvYVoJEJ2/ /QhtrjCZymLp5EbqOdpKk/ /qm4lrFF/ /qnKqfcj4q/ /qoOYPhlkRGnBClmNu5I/ /QphfoQq4t/ /rggmVTfvT/ /rHDPqCa8BGFXnnwHjJl/ /RKpaLk40sk3tfh2ylKH/ /rnMp0ofR/ 
/RnotTx3uT1qVusIFTl2/ /roYgjVHpS/ /Rv35Z/ /RVfrablPa9HS6UAJ/ /RxsGgoVWz9/ /RYnIOe9nU3/ /S3UsCMQhf1DBHTkiSEm/ /S6UqYij8pBV1vK/ /sAnfptTN0J4pw4S6B1Y/ /Semrx6pQ/ /SEQtwcSCGpSyg/ /sFUY3/ /srN0xYgm/ /stoyH/ /suTTfnjUrAC69ByAU9h1kv9T/ /TbUvEBJ/ /tfNs1crHYZd6F5/ /tgQwxic4QwuM/ /TlbsO1F7p/ /TMkGx6CJ5WWoFnH8t6eAQ8E91/ /TpbeXlnwwTB/ /TpIIt7SmNBsWCECLoHrS/ /Tq9tCfKAZcxvKCxl/ /tRqU7/ /TTHOm833iNn3BxT/ /Tzm3xsCsT4DScdUFOx/ /u6QVKZamtaV5L66Nx/ /UamQky9H9rSyN7CWdue/ /UCm4mbyEhvMgiqOjPw/ /UYruujsiC2YXaBBSSl7/ /UYtJNrT2llxy1/ /UZlstV/ /V61hH/ /V6Igzw8/ /vhmTEdL4h2/ /vJd6L/ /VKuUS10kNpfiLRwQEXN/ /vNjJU0JOEiZVljVrZavkePpju/ /VPe69A9Tk/ /Vt2umvq3ufyBZZWR2HZ/ /vukvR2flVIu62E/ /VXbZo/ /vyjYPEc/ /Wcm82enrs8/ /wg2BqaWFRZb1G/ /wH3bd37xcJBEKu/ /wl0ENiE3BhELXV6V/ /WP0CVU9BtPZ6IRoO9ZlRMw/ /wzZ3RIsItxZsu77MFxs/ /x918PGFU/ /xdeAU0rx26LT9I/ /XGc7rXmnrdSO/ /xjvFXPUX7XeoPWTqSQ2/ /XNMhx6nSnnpp8aZzk/ /xOvCgoYFAIVjwy6I/ /xuPEi/ /XyGLg1/ /Y22GqmMm/ /y2obW1nmOgHOr4A7kw95JKRYZxAy4/ /Y7gy8vFc93EGgNB7d5liwLCiUX/ /yaWLCfVBI/ /yJ6C01yO1uRd/ /yKgYN2K0mYY/ /YolqTCGPcBX0h/ /YQ7IkSjIEP9r/ /yqNxi8IKbRIt7akB/ /Yu8wjHLmAzqyUS3XTSe/ /YXaPiWbFMKT/ /z1b9YfHoX7Fp/ /z9VYb5pwXheINT/ /ZC59RU5VC01n/ /zG4DRI/ /zvPeH/ /zxPS1i6oWXBbeK/ # Reference: https://twitter.com/Cryptolaemus1/status/1529754810698039297 sacvasanth.com/public/lyP2lh1hlJr/ stockmorehouse.com/Casa_Grande/AS4VPkTsOqWDGGO/ watersgroupglobal.com/cgi-bin/nQmb6asGeqMlh/ webguruindia.com/theme/wTbEyLVvMNB3j/ /Casa_Grande/AS4VPkTsOqWDGGO/ /cgi-bin/nQmb6asGeqMlh/ /public/lyP2lh1hlJr/ /theme/wTbEyLVvMNB3j/ /AS4VPkTsOqWDGGO/ /lyP2lh1hlJr/ /nQmb6asGeqMlh/ /wTbEyLVvMNB3j/ # Reference: https://twitter.com/Cryptolaemus1/status/1529748938747965440 talbiz.com/__MACOSX/7XV9svnWeDq/ tecni-soft.com/ACCESORIOS/Xqp/ thearlephotography.com/wp/nrmY/ thegeers.com/media/18TKQU36V/ thestewardsco.com/gJRWFBGvKVVxjE/ titaniumspareparts.com/wp-includes/orgdTLhNAy7SdeK/ /__MACOSX/7XV9svnWeDq/ /ACCESORIOS/Xqp/ /media/18TKQU36V/ /wp-includes/orgdTLhNAy7SdeK/ /18TKQU36V/ /7XV9svnWeDq/ 
/gJRWFBGvKVVxjE/ /orgdTLhNAy7SdeK/ # Reference: https://twitter.com/Cryptolaemus1/status/1531558750049665024 thisiselizabethj.com/wp-content/JabfxEDRBN/ /wp-content/JabfxEDRBN/ /JabfxEDRBN/ # Reference: https://twitter.com/Cryptolaemus1/status/1531549995173744640 furnituremanila.com/mmatipscom/IactRf3Hsz/ martinmichalek.com/_sub/wT6cXi/ natayakim.com/_hlam/WCCkXX/ tecni-soft.com/ACCESORIOS/PLg/ thestewardsco.com/wRxYHvdcV/ /ACCESORIOS/PLg/ /_hlam/WCCkXX/ /_sub/wT6cXi/ /mmatipscom/IactRf3Hsz/ /IactRf3Hsz/ /WCCkXX/ /wRxYHvdcV/ /wT6cXi/ # Reference: https://twitter.com/Cryptolaemus1/status/1531916548394598400 hakanaa.com/alta-frequencia/bIA8J2/ sun2u.com/wp-includes/cbDwpRMYWzLGD/ tekstiluzmangorusu.com/wp-admin/dshaqzwGiuTtiod/ tgasiamanagement.com/wp-content/m7Dk7daqAXF/ togogeeks.net/travel/yQJJPAQ/ tp-conceptdiffusion.com/POUB/7InkX/ /alta-frequencia/bIA8J2/ /POUB/7InkX/ /travel/yQJJPAQ/ /wp-admin/dshaqzwGiuTtiod/ /wp-content/m7Dk7daqAXF/ /wp-includes/cbDwpRMYWzLGD/ /7InkX/ /bIA8J2/ /cbDwpRMYWzLGD/ /dshaqzwGiuTtiod/ /m7Dk7daqAXF/ /yQJJPAQ/ # Reference: https://twitter.com/Max_Mal_/status/1532378581493592066 103.224.241.74:8080 104.244.79.94:443 157.245.111.0:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1532651637847621633 fyambe.news/cgi-bin/Wbe40tfynFs4rC/ hathaabeach.com/documents/pr6/ suddedx.com/jokerslot/mb2Eadbdssh/ tassira.com/WordPress/vwZQL4Z5BPcFL3z/ /cgi-bin/Wbe40tfynFs4rC/ /jokerslot/mb2Eadbdssh/ /WordPress/vwZQL4Z5BPcFL3z/ /mb2Eadbdssh/ /vwZQL4Z5BPcFL3z/ /Wbe40tfynFs4rC/ # Reference: https://twitter.com/Cryptolaemus1/status/1532659957887168513 aseguradosaldia.com/wp-content/fKD7pFlruL4/ biathlon-sachsen.de/J3/QqJDWruxBWhYr9Pz5hp/ boucherie-thollas.com/wp-content/Q/ hsperu.pe/intranet_old/enwUUh7bZ5oyVB/ supersanmutfak.com/Template/fMh7nu/ timoleary.co.uk/css/7Nvb3VNWJH/ venessori.com/pc97sQPqfcVam4EUtcU5/ wenne24.keurigonline52.nl/cgi-bin/FsHQ3ndkZb/ windsystem.hu/cgi-bin/bqAvE44wqXSBGRhyQy/ wisatakulinerku.com/cgi-bin/QxuMrzuN/ 
/cgi-bin/bqAvE44wqXSBGRhyQy/ /cgi-bin/FsHQ3ndkZb/ /cgi-bin/QxuMrzuN/ /css/7Nvb3VNWJH/ /intranet_old/enwUUh7bZ5oyVB/ /J3/QqJDWruxBWhYr9Pz5hp/ /pc97sQPqfcVam4EUtcU5/ /Template/fMh7nu/ /wp-content/fKD7pFlruL4/ /7Nvb3VNWJH/ /bqAvE44wqXSBGRhyQy/ /enwUUh7bZ5oyVB/ /fKD7pFlruL4/ /fMh7nu/ /FsHQ3ndkZb/ /pc97sQPqfcVam4EUtcU5/ /QqJDWruxBWhYr9Pz5hp/ /QxuMrzuN/ # Reference: https://twitter.com/Cryptolaemus1/status/1532795305749811200 banchann.com/product/4yKcLeflYPBSv11/ brennanasia.com/images/cP8CMBY5qx1u/ tineriibucuresteni.ro/wp-includes/YBygw/ toworks.ca/phpmyadmin/X/ vietroll.vn/wp-content/TQdkP/ wietsedevries.nl/webstats/SeCPyiQbgmZYBLowsoKe/ /images/cP8CMBY5qx1u/ /product/4yKcLeflYPBSv11/ /webstats/SeCPyiQbgmZYBLowsoKe/ /wp-content/TQdkP/ /wp-includes/YBygw/ /cP8CMBY5qx1u/ /SeCPyiQbgmZYBLowsoKe/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-03%20Emotet%20(E4)%20xls%20IOCs 107.170.39.149:8080 115.68.227.76:8080 159.89.202.34:443 186.194.240.217:443 207.180.241.186:8080 37.187.115.122:8080 41.73.252.195:443 82.223.21.224:8080 # Reference: https://www.virustotal.com/gui/file/0a140867cfc22714293b011fc68d007a3f248b6fae7fafe6a32b866576378f32/detection bitmask.trade # Reference: https://twitter.com/silv0123/status/1534004290620104704 # Reference: https://www.virustotal.com/gui/file/c32d2be74a692229d98476b4b87d211c74a4725cf985368180b759ec848cfe27/detection nexxdecor.vn # Reference: https://twitter.com/Cryptolaemus1/status/1534423639105253377 # Reference: https://twitter.com/JAMESWT_MHT/status/1534106309422874624 # Reference: https://twitter.com/ScarletSharkSec/status/1533831235256082437 ait-service.com/images/cLtrZtaV7zkqt/ assaref.ma/old_assaref/A2B3P/ bpsjambi.id/about/SY0hWjjZ5snr/ brennanasia.com/images/6IwPBHbnUvfgugV1b/ bulldogironworksllc.com/temp/m1NNwGXaF/ burgarellaquantumhealing.org/NRl0YMBGNh8i/ chobemaster.com/components/GxCs/ cncadventist.org/wp-content/9qikjVD84B/ estacioesportivavilanovailageltru.cat/tmp/IgSyqwgJmE/ 
faisonfilms.com/wp-includes/jOA/ fyambe.news/cgi-bin/PJMjj3QG/ lightmyfire.in/demo/RIkAFgTFVuaI05r2/ marinamotorsindia.in/qLSYRJ4Y/ysIaBtnX3jhnmVyyZ5F/ nationco-op.org/css/8wv7lB5/ nekretnine-arka.hr/administrator/XS9uuam/ neuro-feedback-lyon.fr/wp-admin/xAEIC7jXL8q/ nexxdecor.vn/apk/zy8GkZ/ noordhoekmedical.co.za/new/xkW0Uq9ZKpo4h/ oncrete-egy.com/wp-content/G6l9zCsB/ opencart-destek.com/catalog/I7bBtKT3f2hpmhrV/ oralsinbrusque.com.br/BackUp/5qEnU8EU041pKeJ/ p-i-s-e.fr/language/yyfMPaq0mGom/ panscollections.in.th/assets/azHOBDoux/ papillonweb.fr/wp-content/G8z08q0mj/ printimiskeskus.ee/wp-includes/E2nivfaXuKKYdyo3h/ roviel.mx/wp-includes/uX2WDFhrE/ socigo.eu/wPZhZP2vUM/ stainedglassexpress.com/classes/LHwZDYjPVBMBsxgW7/ supersanmutfak.com/Template/KaYyIBPxMukjoSpAbj/ sweetzone.co/js/XVK/ thongcongnghethuthamcau.com/wp-includes/FOn2rFscjSxmSTIt5j/ topvipescortsclub.com/assets1/s36c7eLiYV/ trencadisacademia.com/wp-includes/dR7V80Fe/ void.by/wp-content/Z/ zacharywythe.com/pb_index_bak/SkEGB2c/ zktecovn.com/wp-admin/xxfnYY4zwOpFOgu3g1t/ zonainformatica.es/aspnet_client/pVcppgi00Dk/ zspwolawiazowa.pl/images/mE2Zm8RKpaLk40sk/ /about/SY0hWjjZ5snr/ /administrator/XS9uuam/ /apk/zy8GkZ/ /aspnet_client/pVcppgi00Dk/ /assets/azHOBDoux/ /assets1/s36c7eLiYV/ /BackUp/5qEnU8EU041pKeJ/ /catalog/I7bBtKT3f2hpmhrV/ /cgi-bin/PJMjj3QG/ /classes/LHwZDYjPVBMBsxgW7/ /components/GxCs/ /css/8wv7lB5/ /demo/RIkAFgTFVuaI05r2/ /images/6IwPBHbnUvfgugV1b/ /images/cLtrZtaV7zkqt/ /images/mE2Zm8RKpaLk40sk/ /language/yyfMPaq0mGom/ /new/xkW0Uq9ZKpo4h/ /old_assaref/A2B3P/ /pb_index_bak/SkEGB2c/ /qLSYRJ4Y/ysIaBtnX3jhnmVyyZ5F/ /temp/m1NNwGXaF/ /Template/KaYyIBPxMukjoSpAbj/ /tmp/IgSyqwgJmE/ /wp-admin/xAEIC7jXL8q/ /wp-admin/xxfnYY4zwOpFOgu3g1t/ /wp-content/9qikjVD84B/ /wp-content/G6l9zCsB/ /wp-content/G8z08q0mj/ /wp-includes/dR7V80Fe/ /wp-includes/E2nivfaXuKKYdyo3h/ /wp-includes/FOn2rFscjSxmSTIt5j/ /wp-includes/jOA/ /wp-includes/uX2WDFhrE/ /5qEnU8EU041pKeJ/ /6IwPBHbnUvfgugV1b/ /8wv7lB5/ /9qikjVD84B/ 
/azHOBDoux/ /cLtrZtaV7zkqt/ /dR7V80Fe/ /E2nivfaXuKKYdyo3h/ /FOn2rFscjSxmSTIt5j/ /G6l9zCsB/ /G8z08q0mj/ /I7bBtKT3f2hpmhrV/ /IgSyqwgJmE/ /KaYyIBPxMukjoSpAbj/ /LHwZDYjPVBMBsxgW7/ /m1NNwGXaF/ /mE2Zm8RKpaLk40sk/ /NRl0YMBGNh8i/ /PJMjj3QG/ /pVcppgi00Dk/ /qLSYRJ4Y/ /RIkAFgTFVuaI05r2/ /s36c7eLiYV/ /SkEGB2c/ /SY0hWjjZ5snr/ /uX2WDFhrE/ /wPZhZP2vUM/ /xAEIC7jXL8q/ /xkW0Uq9ZKpo4h/ /XS9uuam/ /xxfnYY4zwOpFOgu3g1t/ /ysIaBtnX3jhnmVyyZ5F/ /yyfMPaq0mGom/ /zy8GkZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1534442725071650816 tekstiluzmangorusu.com/wp-admin/GKdQvamnPcK/ /wp-admin/GKdQvamnPcK/ /GKdQvamnPcK/ # Reference: https://twitter.com/Cryptolaemus1/status/1534441767785091072 yakosurf.com/wp-includes/S/ yedirenkajans.com/eski/EveoFqk8HluvS/ yell.ge/nav_logo/AEnTP/ yoymanajemen.id/wp-admin/x9Eju0/ yudaisuzuki.jp/150911pre/iI/ yusufkarpak.com.tr/css/7yCJ6KpGNdOwnW/ /css/7yCJ6KpGNdOwnW/ /eski/EveoFqk8HluvS/ /wp-admin/x9Eju0/ /7yCJ6KpGNdOwnW/ /EveoFqk8HluvS/ /x9Eju0/ # Reference: https://twitter.com/Cryptolaemus1/status/1534515568815923201 wahkiulogistics.com.hk/upload/AvtsILsT00O/ xenangifc.vn/wp-admin/CAzHLCrGgwXw6KTX0lMm/ yahir-fz.com/joy/ZnIjgkgZ18/ yedirenkajans.com/eski/y91J/ /joy/ZnIjgkgZ18/ /upload/AvtsILsT00O/ /wp-admin/CAzHLCrGgwXw6KTX0lMm/ /AvtsILsT00O/ /CAzHLCrGgwXw6KTX0lMm/ /ZnIjgkgZ18/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-06-07-IOCs-for-Emotet-with-Cobalt-Strike.txt 114.79.130.68:8080 134.209.164.181:8080 173.249.25.219:443 190.107.19.180:8080 212.83.184.188:8080 58.96.74.42:443 bencevendeghaz.hu/wp-includes/S1mIEUnClr5s8krOm/ chobemaster.com/components/GxCs/ vibesapparels.com/dQa/Qzuqq5TZO/ /dQa/Qzuqq5TZO/ /wp-includes/S1mIEUnClr5s8krOm/ /S1mIEUnClr5s8krOm/ /Qzuqq5TZO/ # Reference: https://twitter.com/Cryptolaemus1/status/1534590926793986050 http://188.166.245.112 ftp.yuecmr.org/wp-content/EoHM9Z73mGN43lp60x/ worldmedicsky.info/matsumoto-/Tv2IOGr2p/ zvdesign.info/components/OFBzyGyPSJQamODF4S/ /components/OFBzyGyPSJQamODF4S/ 
/matsumoto-/Tv2IOGr2p/ /template/hK3aUGxlMDTKv1Em82R/ /wp-content/EoHM9Z73mGN43lp60x/ /EoHM9Z73mGN43lp60x/ /hK3aUGxlMDTKv1Em82R/ /OFBzyGyPSJQamODF4S/ /Tv2IOGr2p/ # Reference: https://twitter.com/Cryptolaemus1/status/1534788970739298304 iluminaguarapuava.com.br/wp-includes/WxiXRQhAVLruApIee95K/ sigratech.de/career/TaUWpjEtkdLZ3xk/ webnet.ltd.uk/wp-includes/16aute56ZVrAYR6NUL47/ xebabanhchohang.vn/wp-content/pt/ /wp-includes/16aute56ZVrAYR6NUL47/ /wp-includes/WxiXRQhAVLruApIee95K/ /career/TaUWpjEtkdLZ3xk/ /16aute56ZVrAYR6NUL47/ /TaUWpjEtkdLZ3xk/ /WxiXRQhAVLruApIee95K/ # Reference: https://twitter.com/Cryptolaemus1/status/1534693804124798976 http://136.243.217.250 mass-gardinen-shop.de/css/OlfyjQTQ/ nazreghadir.ir/wp-includes/lY90k2vwa/ vietroll.vn/wp-content/KsPEi/ wietsedevries.nl/stylesheets/RmcAxAfnnOTlTqyu7h/ zoelake.co.uk/pregnancy_files/O8pDzTtBe7/ /application/TpoPv/ /css/OlfyjQTQ/ /pregnancy_files/O8pDzTtBe7/ /stylesheets/RmcAxAfnnOTlTqyu7h/ /wp-content/KsPEi/ /wp-includes/lY90k2vwa/ /O8pDzTtBe7/ /OlfyjQTQ/ /RmcAxAfnnOTlTqyu7h/ /lY90k2vwa/ # Reference: https://twitter.com/Cryptolaemus1/status/1534874596448423936 aseguradosaldia.com/wp-content/kelQuot9kofUTL90uuE/ ftp.meconser.com/banner/rrMocScrq7/ hathaabeach.com/documents/k88rn/ wordpress.agrupem.com/wp-admin/jimjzu/ /banner/rrMocScrq7/ /documents/k88rn/ /wp-admin/jimjzu/ /wp-content/kelQuot9kofUTL90uuE/ /jimjzu/ /k88rn/ /kelQuot9kofUTL90uuE/ /rrMocScrq7/ # Reference: https://twitter.com/Cryptolaemus1/status/1534938223503634432 ftp.yourbankruptcypartner.com/wp-content/ksdtjfFji/ /wp-content/ksdtjfFji/ /ksdtjfFji/ # Reference: https://twitter.com/Cryptolaemus1/status/1534647791448096768 http://202.29.80.55 http://23.239.12.243 adviceme.gr/test/SSzbOkk633/ xpansul.com/Xpansul_Labs/Faol8LBh5I/ /dealspot/SvebxVmFucz/ /test/SSzbOkk633/ /Xpansul_Labs/Faol8LBh5I/ /Faol8LBh5I/ /SSzbOkk633/ /SvebxVmFucz/ # Reference: https://twitter.com/Cryptolaemus1/status/1534937952807112710 upscalifornia.us/libraries/VDu9kaMu/ 
webbandi.hu/image/m7IzjWQftQ1Jyw6/ zarzamora.com.mx/cgi-bin/hAuGj65SuKr/ /cgi-bin/hAuGj65SuKr/ /image/m7IzjWQftQ1Jyw6/ /libraries/VDu9kaMu/ /hAuGj65SuKr/ /m7IzjWQftQ1Jyw6/ /VDu9kaMu/ # Reference: https://twitter.com/Cryptolaemus1/status/1534602591627141121 retardantedefuegoperu.com/slider/E3aod/ wolle.pl/10000/pK92K8mzsUhIxNH7t/ xevis.net/xevis/tIkZkWH/ xprosac.com/wp-admin/Ulou9WHUjUkCJCzh0cV1/ /10000/pK92K8mzsUhIxNH7t/ /slider/E3aod/ /wp-admin/Ulou9WHUjUkCJCzh0cV1/ /xevis/tIkZkWH/ /pK92K8mzsUhIxNH7t/ /tIkZkWH/ /Ulou9WHUjUkCJCzh0cV1/ # Reference: https://twitter.com/Cryptolaemus1/status/1534617936518053888 buffetmazzi.com.br/ckfinder/urhhQc5W/ cesasin.com.ar/administrator/VNtzZVVTAJNH7/ wehx.com.br/wp-snapshots/ds37LVL/ zigorat.us/wp-admin/gUEMmDvnl/ /administrator/VNtzZVVTAJNH7/ /ckfinder/urhhQc5W/ /wp-admin/gUEMmDvnl/ /wp-snapshots/ds37LVL/ /ds37LVL/ /gUEMmDvnl/ /urhhQc5W/ /VNtzZVVTAJNH7/ # Reference: https://twitter.com/Cryptolaemus1/status/1535165003380142080 tvstv.yunethosting.rs/nesciuntquos/2SlrSdLBAv7/ usa-ltd.ie/wp-includes/0x7HPlZ8sGANiI5i/ vanlaereict.nl/domains/T9G5ruQJ/ wahkiulogistics.com.hk/upload/rIpUmi7MrlOc/ /domains/T9G5ruQJ/ /nesciuntquos/2SlrSdLBAv7/ /upload/rIpUmi7MrlOc/ /wp-includes/0x7HPlZ8sGANiI5i/ /0x7HPlZ8sGANiI5i/ /2SlrSdLBAv7/ /rIpUmi7MrlOc/ /T9G5ruQJ/ # Reference: https://twitter.com/dms1899/status/1535160015312498688 chobemaster.com/components/HKSRjeYB/ ingroupconsult.com/images/r1UA7ZRRR06/ primefind.com/my_pictures/doh/ weboculta.com/css/b3Lfooq37Gl4D/ /components/HKSRjeYB/ /css/b3Lfooq37Gl4D/ /images/r1UA7ZRRR06/ /b3Lfooq37Gl4D/ /HKSRjeYB/ /r1UA7ZRRR06/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-09%20Emotet%20(E5)%20IOCs 103.126.216.86:443 103.254.12.236:7080 103.71.99.57:8080 128.199.217.206:443 157.230.99.206:8080 165.22.254.236:8080 165.22.254.68:443 165.232.185.110:8080 198.199.70.22:8080 64.227.55.231:8080 watersgroupglobal.com/cgi-bin/hwCu/ web4nothing.com/cgi-bin/LAXoaAufu/ 
wpbizwon.com/FexOL2Wx00ooCfpgOw/ /cgi-bin/LAXoaAufu/ /FexOL2Wx00ooCfpgOw/ /LAXoaAufu/ # Reference: https://twitter.com/Cryptolaemus1/status/1535253743146373121 kmodo.us/cgi-bin/D/ travel.pkn2.go.th/img/AMqX1nFdEOnmk/ trivet.co.jp/css/itmXV55DnDn8MyXdeE8/ tryst.cz/sqluploads/qt0ExthG2Nnz/ /css/itmXV55DnDn8MyXdeE8/ /img/AMqX1nFdEOnmk/ /sqluploads/qt0ExthG2Nnz/ /AMqX1nFdEOnmk/ /itmXV55DnDn8MyXdeE8/ /qt0ExthG2Nnz/ # Reference: https://twitter.com/Cryptolaemus1/status/1535284154660626432 faisonfilms.com/wp-includes/5dszuc8mMSA4S0W9/ meconser.com/banner/tP8p/ topvipescortsclub.com/assets/eyA58rpFze5Gq/ wp.eryaz.net/bayar1/GQSMsqjA2/ /assets/eyA58rpFze5Gq/ /bayar1/GQSMsqjA2/ /wp-includes/5dszuc8mMSA4S0W9/ /5dszuc8mMSA4S0W9/ /eyA58rpFze5Gq/ /GQSMsqjA2/ # Reference: https://twitter.com/Cryptolaemus1/status/1535343209236557824 ftp.yuecmr.org/wp-content/Fa/ macssolutions.co.uk/cgi-bin/m3SRMIMsx2AZqvgJ/ zvdesign.info/components/FDz/ /cgi-bin/m3SRMIMsx2AZqvgJ/ /m3SRMIMsx2AZqvgJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1535388083730153472 hosting107068.a2f2a.netcup.net/career/99dtjWgQEmTtpt6C31/ napolni.me/3r/uF/ stellarsummit.97.double.in.th/assets/XbmebQRsUVHL0j/ zoompixel.com.br/wp-admin/qHS/ /assets/XbmebQRsUVHL0j/ /career/99dtjWgQEmTtpt6C31/ /99dtjWgQEmTtpt6C31/ /XbmebQRsUVHL0j/ # Reference: https://twitter.com/Cryptolaemus1/status/1536120791552512000 vietroll.vn/wp-content/k9tSTiW1CosKYJOjxd/ web4nothing.com/cgi-bin/xsKuBKuQYhYz/ webpartner.fr/language/mTbIHL2P12uJ3MJlL/ /application/OP4L7MV21hbub4/ /cgi-bin/xsKuBKuQYhYz/ /language/mTbIHL2P12uJ3MJlL/ /wp-content/k9tSTiW1CosKYJOjxd/ /k9tSTiW1CosKYJOjxd/ /mTbIHL2P12uJ3MJlL/ /OP4L7MV21hbub4/ /xsKuBKuQYhYz/ # Reference: https://twitter.com/Cryptolaemus1/status/1536239833001394177 ftp.yuecmr.org/wp-content/ABEmXjp2yexi/ lopespublicidade.com/cgi-bin/iCKDPIc9MPfP5MGT/ zachboyle.com/wp-admin/5sRA5YIwMfw4cgL/ /cgi-bin/iCKDPIc9MPfP5MGT/ /wp-admin/5sRA5YIwMfw4cgL/ /wp-content/ABEmXjp2yexi/ /5sRA5YIwMfw4cgL/ 
/ABEmXjp2yexi/ /iCKDPIc9MPfP5MGT/ # Reference: https://twitter.com/Cryptolaemus1/status/1536266890427142144 hangaryapi.com.tr/wp-admin/E1gb6ognvvn8HX/ kbmpti.filkom.ub.ac.id/config/LdgfVAaCy/ mass-gardinen-shop.de/css/AHE8baLiW/ nazreghadir.ir/wp-includes/kaiSEoHGa/ /css/AHE8baLiW/ /config/LdgfVAaCy/ /wp-admin/E1gb6ognvvn8HX/ /wp-includes/kaiSEoHGa/ /AHE8baLiW/ /E1gb6ognvvn8HX/ /kaiSEoHGa/ /LdgfVAaCy/ # Reference: https://twitter.com/Cryptolaemus1/status/1536259739310759936 yahir-fz.com/joy/ukKbmDGhmvSeFPgc/ yakosurf.com/wp-includes/pEIRmwLFb/ /joy/ukKbmDGhmvSeFPgc/ /wp-includes/pEIRmwLFb/ /pEIRmwLFb/ /ukKbmDGhmvSeFPgc/ # Reference: https://twitter.com/Cryptolaemus1/status/1536300967809130497 agrofar.net/wp-includes/9l/ naturalpremiumtraining.ch/SzrkGMyDKD/B5sqv641iBZRadB/ taltus.co.uk/ZI1MLTU4Iww3LtnrAPg/ /SzrkGMyDKD/B5sqv641iBZRadB/ /B5sqv641iBZRadB/ /SzrkGMyDKD/ /ZI1MLTU4Iww3LtnrAPg/ # Reference: https://twitter.com/Cryptolaemus1/status/1536387530009870336 descontador.com.br/stats/RJi2rQI4QXrWCfgdmi/ dhnconstrucciones.com.ar/wp-admin/Sm02ZsVDYWdoTb7rqL/ dilsrl.com/phone/pfip5m/ drechslerstammtisch.de/fonts/ZAyXbsf/ el-energiaki.gr/wp-includes/IdrVKOGYMQodu7IlOIh/ elaboro.pl/imgs/JZH2GIHtoO7/ /fonts/ZAyXbsf/ /imgs/JZH2GIHtoO7/ /phone/pfip5m/ /stats/RJi2rQI4QXrWCfgdmi/ /wp-admin/Sm02ZsVDYWdoTb7rqL/ /wp-includes/IdrVKOGYMQodu7IlOIh/ /IdrVKOGYMQodu7IlOIh/ /JZH2GIHtoO7/ /RJi2rQI4QXrWCfgdmi/ /Sm02ZsVDYWdoTb7rqL/ /ZAyXbsf/ # Reference: https://twitter.com/Cryptolaemus1/status/1536386595901046784 hathaabeach.com/documents/xbZxXi/ tekstiluzmangorusu.com/wp-admin/VThSCtERM5Hj/ zhivir.com/wp/yrqupT1QwXuRdX3/ /documents/xbZxXi/ /wp-admin/VThSCtERM5Hj/ /wp/yrqupT1QwXuRdX3/ /VThSCtERM5Hj/ /xbZxXi/ /yrqupT1QwXuRdX3/ # Reference: https://twitter.com/Cryptolaemus1/status/1536601427103035392 aacl.co.in/images/7CMc2NlOosD4pn6ljDw/ alpsawnings.co.za/logs/KMa83/ alrotec.co.uk/wp-includes/DD2jwgazTKsp/ /images/7CMc2NlOosD4pn6ljDw/ /logs/KMa83/ /wp-includes/DD2jwgazTKsp/ 
/7CMc2NlOosD4pn6ljDw/ /DD2jwgazTKsp/ # Reference: https://twitter.com/Cryptolaemus1/status/1536474951162773505 bpsjambi.id/about/RTZ0AQ1/ hosting107068.a2f2a.netcup.net/career/0mtNNfbZ/ /about/RTZ0AQ1/ /career/0mtNNfbZ/ /0mtNNfbZ/ /RTZ0AQ1/ # Reference: https://twitter.com/Cryptolaemus1/status/1536609335790665728 airhobi.com/system/gbh/ akdalarabic.com/cgi-bin/lmqmGv5s/ yesdeko.com/stats/xdlT/ zonetuner.com/licenses/QC4rII7/ /cgi-bin/lmqmGv5s/ /licenses/QC4rII7/ /lmqmGv5s/ /QC4rII7/ # Reference: https://twitter.com/Cryptolaemus1/status/1536652527240122368 andecam.com.ar/flyer-julio-2017-clientes/1heVrMvqUIgje/ deadcode200.c1.biz/js/BZjzK85jtrVUyl6cvbj/ hello-front.thlab.ru/favicon/fssoZs4b/ wordpress.agrupem.com/wp-admin/c7WVBumf5iYALK/ /favicon/fssoZs4b/ /flyer-julio-2017-clientes/1heVrMvqUIgje/ /js/BZjzK85jtrVUyl6cvbj/ /wp-admin/c7WVBumf5iYALK/ /1heVrMvqUIgje/ /BZjzK85jtrVUyl6cvbj/ /c7WVBumf5iYALK/ /fssoZs4b/ # Reference: https://twitter.com/Cryptolaemus1/status/1536469819997925376 agitasi.id/m/qLCZWt/ computercollegiate.com.pk/wp-admin/q69DZX4kKZ6ssRQ/ djhost.nl/8HOicoBufQNbjbM/ /wp-admin/q69DZX4kKZ6ssRQ/ /8HOicoBufQNbjbM/ /q69DZX4kKZ6ssRQ/ # Reference: https://twitter.com/Cryptolaemus1/status/1536669757973311488 aesiafrique.com/azerty/Xiuf0wUfv1yl/ agentofficetest.com/Uploads/gyF0i2X/ cabinet-psyche.com/eCMdgqeC9jjE/ /azerty/Xiuf0wUfv1yl/ /Uploads/gyF0i2X/ /eCMdgqeC9jjE/ /gyF0i2X/ /Xiuf0wUfv1yl/ # Reference: https://twitter.com/Cryptolaemus1/status/1536704022631002113 akarweb.net/cgi-bin/DeZ4p4xG/ cabans.com/CeudWYRQEzZgrHPcI/ calzadoyuyin.com/cgj-bin/jZPff/ /cgi-bin/DeZ4p4xG/ /cgj-bin/jZPff/ /CeudWYRQEzZgrHPcI/ /DeZ4p4xG/ # Reference: https://twitter.com/Cryptolaemus1/status/1536725293419077633 awam.be/moi/seYtEQPAW/ balcaodasmarcas.com/wp-content/X5plOf5lcRhDMfzy3/ fundacioncedes.org/_installation/vjglk6ECI/ mulmatdol.com/adm/lg46WOQGCq37Qedak/ wijsneusmedia.nl/cgi-bin/xNMrVukyjq2kmdO/ zenprod.com/im_edit/2w/ /_installation/vjglk6ECI/ /adm/lg46WOQGCq37Qedak/ 
/cgi-bin/xNMrVukyjq2kmdO/ /moi/seYtEQPAW/ /wp-content/X5plOf5lcRhDMfzy3/ /lg46WOQGCq37Qedak/ /seYtEQPAW/ /vjglk6ECI/ /X5plOf5lcRhDMfzy3/ /xNMrVukyjq2kmdO/ # Reference: https://twitter.com/Cryptolaemus1/status/1536693252136800257 anima-terapie.cz/language/zZGGKg/ thuybaohuy.com/wp-content/ruzWQQkqn3ocIKVoPwB/ wilusz.pl/f5a02c0b/bD/ /f5a02c0b/bD/ /language/zZGGKg/ /wp-content/ruzWQQkqn3ocIKVoPwB/ /ruzWQQkqn3ocIKVoPwB/ # Reference: https://twitter.com/Cryptolaemus1/status/1536717329332989952 cagranus.com/slide/mcqAFuMhaekn/ valyval.com/pun/VAYL/ /slide/mcqAFuMhaekn/ /mcqAFuMhaekn/ # Reference: https://twitter.com/Cryptolaemus1/status/1536786211922407424 ingelse.net/ndMmqxh/ kwickconnect.com/im-messenger/Szrb9EthOX91/ manchesterslt.co.uk/a-to-z-of-slt/xOgw/ /im-messenger/Szrb9EthOX91/ /a-to-z-of-slt/xOgw/ /a-to-z-of-slt/ /ndMmqxh/ /Szrb9EthOX91/ # Reference: https://twitter.com/Cryptolaemus1/status/1536792075898716160 cashmailsystem.com/upload/XmPSGLcygR7/ /upload/XmPSGLcygR7/ /XmPSGLcygR7/ # Reference: https://twitter.com/Cryptolaemus1/status/1536845301612683264 balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/ careofu.com/PHPExcel/sQ78BedribNJZbGYj/ cedeco.es/js/n74fS/ fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/ /cgi-bin/Gu0xno0kIssGJF8/ /PHPExcel/sQ78BedribNJZbGYj/ /SDM/qNeMUe2RvxdvuRlf/ /Gu0xno0kIssGJF8/ /qNeMUe2RvxdvuRlf/ /sQ78BedribNJZbGYj/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-14%20Emotet%20(E4)%20%232%20IOCs 144.91.78.55:443 172.105.226.75:8080 207.148.79.14:8080 45.186.16.18:443 51.161.73.194:443 64.227.100.222:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1536974575686152197 cansal.cl/cgi-bin/besSIJTfOk0DtHZR/ cecambrils.cat/wp-content/0KwOSfNDESlzVMoc/ chalkie.me.uk/cgi-bin/gMLuebzG2RskkJXwY/ /cgi-bin/besSIJTfOk0DtHZR/ /cgi-bin/gMLuebzG2RskkJXwY/ /wp-content/0KwOSfNDESlzVMoc/ /0KwOSfNDESlzVMoc/ /besSIJTfOk0DtHZR/ /gMLuebzG2RskkJXwY/ # Reference: 
https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-15%20Emotet%20(E4)%20AM%20IOCs bubblefootballeurope.de/wp-admin/3aMMnYP/ byrdnest3.com/cgi-bin/TEq/ carbonbros.co.za/logs/KSTJNdxZ73hIZPKddEDT/ casov.com/proxy/kk0OWcstqPOOyeG/ /logs/KSTJNdxZ73hIZPKddEDT/ /proxy/kk0OWcstqPOOyeG/ /wp-admin/3aMMnYP/ /3aMMnYP/ /kk0OWcstqPOOyeG/ /KSTJNdxZ73hIZPKddEDT/ # Reference: https://twitter.com/Cryptolaemus1/status/1537304350917554176 athanlifeapi.com.ar/Archivos/UHjXQM6L23N/ beeslandkerman.ir/XPFvBDrNkT/lUkOx4VAOizId7u/ boraintercambios.com.br/wp-includes/AN4ixiH4Th/ brb-ljubuski.com/wp-content/2MODCk0UZasTCL6tm/ breakdownlanemovie.com/wp-admin/ZMU4aSaYleS/ brigadir.com/bkp/SwrVs4yU/ bsbmakina.com.tr/logo/eVWaAWm/ bubblefootballeurope.de/wp-admin/3aMMnYP/ buddymorel.com/AoNghcuIc6q7BEKp4/ bureauinternacional.com.ar/contador-analista-proyectos/2w/ byrdnest3.com/cgi-bin/TEq/ cannipius.nl/cgi-bin/TgPA/ carbonbros.co.za/logs/KSTJNdxZ73hIZPKddEDT/ casov.com/proxy/kk0OWcstqPOOyeG/ cerdi.com/_derived/J4Fu7VmGZQ7rGA/ chaledooleo.com.br/headers/nwQNCuxK0k5OwyXSPyP/ chasingmavericks.co.ke/agendaafrikadebates.co.ke/QznOFMKV9R/ handboog6.nl/META-INF/f/ /_derived/J4Fu7VmGZQ7rGA/ /agendaafrikadebates.co.ke/QznOFMKV9R/ /AoNghcuIc6q7BEKp4/ /Archivos/UHjXQM6L23N/ /bkp/SwrVs4yU/ /contador-analista-proyectos/2w/ /headers/nwQNCuxK0k5OwyXSPyP/ /logo/eVWaAWm/ /logs/KSTJNdxZ73hIZPKddEDT/ /proxy/kk0OWcstqPOOyeG/ /wp-admin/3aMMnYP/ /wp-admin/ZMU4aSaYleS/ /wp-content/2MODCk0UZasTCL6tm/ /wp-includes/AN4ixiH4Th/ /XPFvBDrNkT/lUkOx4VAOizId7u/ /2MODCk0UZasTCL6tm/ /3aMMnYP/ /AN4ixiH4Th/ /AoNghcuIc6q7BEKp4/ /J4Fu7VmGZQ7rGA/ /KSTJNdxZ73hIZPKddEDT/ /QznOFMKV9R/ /SwrVs4yU/ /UHjXQM6L23N/ /XPFvBDrNkT/ /ZMU4aSaYleS/ /eVWaAWm/ /kk0OWcstqPOOyeG/ /lUkOx4VAOizId7u/ /nwQNCuxK0k5OwyXSPyP/ # Reference: https://twitter.com/Cryptolaemus1/status/1538798038168154112 bascoysonido.com.ar/cgi-bin/AmUUPhWK6oTKLzHpl7zm/ basnetbd.com/ckfinder/K0a/ bdtin.com/cache/4G8pl/ /cgi-bin/AmUUPhWK6oTKLzHpl7zm/ /cache/4G8pl/ 
/ckfinder/K0a/ /AmUUPhWK6oTKLzHpl7zm/ # Reference: https://twitter.com/Cryptolaemus1/status/1538831511713366016 colordropsgu.com/7DORfidiAu/BquoSU/ ewingconsulting.com/buy/Ewj7oYjhYQ/ thuybaohuy.com/wp-content/VxhkYwH7/ /7DORfidiAu/BquoSU/ /buy/Ewj7oYjhYQ/ /wp-content/VxhkYwH7/ /7DORfidiAu/ /BquoSU/ /Ewj7oYjhYQ/ /VxhkYwH7/ # Reference: https://twitter.com/Cryptolaemus1/status/1538840577139040264 ceramicalafortaleza.com/css/5DSBCCH0/ /css/5DSBCCH0/ /5DSBCCH0/ # Reference: https://twitter.com/Cryptolaemus1/status/1538927479964192769 buildgujarat.com/wp-admin/oJV7bk9onm/ bvirtual.com/affinita/kCO/ cfp-courses.com/key/hs27/ fundacioncedes.org/_installation/oDPga6nfhkRo/ /_installation/oDPga6nfhkRo/ /wp-admin/oJV7bk9onm/ /oDPga6nfhkRo/ /oJV7bk9onm/ # Reference: https://twitter.com/Cryptolaemus1/status/1539228614532960257 digitalkhulna.com/wp-admin/L2z2e/ dnahealth.gr/wp-content/QkkKMaLwy4jURh6FD/ eapro.in/wp-admin/sf2MppPW30cKaWeko/ /wp-admin/sf2MppPW30cKaWeko/ /wp-content/QkkKMaLwy4jURh6FD/ /QkkKMaLwy4jURh6FD/ /sf2MppPW30cKaWeko/ # Reference: https://twitter.com/Cryptolaemus1/status/1539238983334756352 campusconindigital.org/moodle_old/9giglHrg2t/ /moodle_old/9giglHrg2t/ /9giglHrg2t/ # Reference: https://twitter.com/Cryptolaemus1/status/1539296628234141696 brooklynservicesgroup.com/inc/pIyuM/ centurypapers.com/classes/pWG9OiW050VLSs/ chainandpyle.com/Old/UlfGGNN6xbau/ charmslovespells.com/yt-assets/ZcCNJI1B/ /classes/pWG9OiW050VLSs/ /Old/UlfGGNN6xbau/ /yt-assets/ZcCNJI1B/ /pWG9OiW050VLSs/ /UlfGGNN6xbau/ /ZcCNJI1B/ # Reference: https://twitter.com/Cryptolaemus1/status/1539325124549021696 controlnetworks.com.au/wp-content/Pgb43ikTIobH/ dh.net.br/catalogo1/0cJpUJXBhuBaMdVWQf/ subbalakshmi.com/data_winning/kYv6xb/ webhoanggia.com/wp-admin/r6f3vv8ukiZjeW/ /catalogo1/0cJpUJXBhuBaMdVWQf/ /data_winning/kYv6xb/ /wp-admin/r6f3vv8ukiZjeW/ /wp-content/Pgb43ikTIobH/ /0cJpUJXBhuBaMdVWQf/ /kYv6xb/ /Pgb43ikTIobH/ /r6f3vv8ukiZjeW/ # Reference: 
https://twitter.com/Cryptolaemus1/status/1539511229210763264 aysbody.com/catalog/bwC1Xuouo/ bosny.com/aspnet_client/jBnf4JopKAybRZb7U/ cashmailsystem.com/upload/xsVEPr4708Uk/ thuybaohuy.com/wp-content/6O4JMYNFBxOXta/ /aspnet_client/jBnf4JopKAybRZb7U/ /catalog/bwC1Xuouo/ /upload/xsVEPr4708Uk/ /wp-content/6O4JMYNFBxOXta/ /6O4JMYNFBxOXta/ /bwC1Xuouo/ /jBnf4JopKAybRZb7U/ /xsVEPr4708Uk/ # Reference: https://twitter.com/Cryptolaemus1/status/1539524592204918784 dploy.nl/css/XLxbVjAta7vVC/ m-ainsurance.com/wp-admin/ORiPBStKNOnIV/ starluckycentre.com/data_winning/NgmBH48GCzovEIAgJY/ thegoodneighbourapp.com/cgi-bin/h4/ /css/XLxbVjAta7vVC/ /data_winning/NgmBH48GCzovEIAgJY/ /wp-admin/ORiPBStKNOnIV/ /NgmBH48GCzovEIAgJY/ /ORiPBStKNOnIV/ /XLxbVjAta7vVC/ # Reference: https://twitter.com/Cryptolaemus1/status/1539664771670474752 autosmorla.es/tmp/vi98YEQq/ disperindag.garutkab.go.id/stokggarut/EdZ43/ greenvalleyschool.com/rand_images/NT5NjK6o/ kairaliagencies.com/data_winning/RDN/ kwickconnect.com/im-messenger/hlSpL5nHop/ mulmatdol.com/adm/HH6rxyB/ nlasandbox.com/facebookpage/5XVwDnX/ /adm/HH6rxyB/ /data_winning/RDN/ /facebookpage/5XVwDnX/ /im-messenger/hlSpL5nHop/ /rand_images/NT5NjK6o/ /stokggarut/EdZ43/ /tmp/vi98YEQq/ /5XVwDnX/ /HH6rxyB/ /hlSpL5nHop/ /NT5NjK6o/ /vi98YEQq/ # Reference: https://twitter.com/Cryptolaemus1/status/1540071123651420160 autosmorla.es/tmp/vi98YEQq/ balticcontrolbd.com/images/GG1d8an/ cabans.com/CeudWYRQEzZgrHPcI/yKANkXfH/ cheffsys.com/AZOTEA/QpZ/ clubnauticocordoba.com.ar/bonus.clubnauticocordoba.com.ar/sLCbz03rYfB25/ concivilpa.com.py/cgi-bin/glDvP/ contabilidadeplenus.com.br/ebooks/dIA4V2AnYEnQL/ cpcwiki.de/images/eFnHpREqu6Had9/ creativeme.co.th/cgi-bin/2yl1sJuaL9/ cunicultura.es/blogs/DUXTBlmDSYYggXEdXU2U/ dbr.hostingsdc.pl/smiecio/19VYfhHLp/ decorusfinancial.com/wp-content/OcbOIkcGol/ dhsh.com.ar/wp-admin/H38msg/ disperindag.garutkab.go.id/stokggarut/EdZ43/ diventuretravel.com/administrator/90DadpEYTaQO1A/ djunreal.co.uk/cat/ObaACSyp07uQ41g/ 
dnautik.com/wp-includes/8GgXiL4N/ document.vpservice-online.com/img/cPPHgfsrA/ domyzizka.cz/js/Zbp4R/ dreams4tomorrow.org/hello/LwqLT9bzX2q/ drmetz.com/vP5MxJXIyFx/ drviniciusterra.com.br/wp-content/QMY/ dscaluya.6te.net/feedback/hi/ dulichdichvu.net/libraries/kq9ezWhY4K7sBjKV/ dusangerzicgera.com/App_Data/ZY7heGPNpm7b4Zw/ e-xim.pl/_ftp/0I6h9suZ8CRS/ eapro.in/wp-admin/cb/ ebuysa.co.za/yt-assets/ihhwpLg/ eportfolio-bizcom.msci.dusit.ac.th/e_port/AYB2aG2/ goldenheartk9s.org/2tbcs/LkUxcRQU/ greenvalleyschool.com/rand_images/NT5NjK6o/ kairaliagencies.com/data_winning/RDN/ kwickconnect.com/im-messenger/hlSpL5nHop/ mulmatdol.com/adm/HH6rxyB/ nlasandbox.com/facebookpage/5XVwDnX/ rec-escape.com/dev1/7hMk6v/ smbfranchising.com/wp-content/dpFsBFA2LfYk3mlN/ /2tbcs/LkUxcRQU/ /AZOTEA/QpZ/ /App_Data/ZY7heGPNpm7b4Zw/ /CeudWYRQEzZgrHPcI/yKANkXfH/ /_ftp/0I6h9suZ8CRS/ /adm/HH6rxyB/ /administrator/90DadpEYTaQO1A/ /blogs/DUXTBlmDSYYggXEdXU2U/ /bonus.clubnauticocordoba.com.ar/sLCbz03rYfB25/ /cat/ObaACSyp07uQ41g/ /cgi-bin/2yl1sJuaL9/ /cgi-bin/glDvP/ /data_winning/RDN/ /dev1/7hMk6v/ /e_port/AYB2aG2/ /ebooks/dIA4V2AnYEnQL/ /facebookpage/5XVwDnX/ /hello/LwqLT9bzX2q/ /im-messenger/hlSpL5nHop/ /images/GG1d8an/ /images/eFnHpREqu6Had9/ /img/cPPHgfsrA/ /js/Zbp4R/ /libraries/kq9ezWhY4K7sBjKV/ /rand_images/NT5NjK6o/ /smiecio/19VYfhHLp/ /stokggarut/EdZ43/ /tmp/vi98YEQq/ /wp-admin/H38msg/ /wp-admin/cb/ /wp-content/OcbOIkcGol/ /wp-content/QMY/ /wp-content/dpFsBFA2LfYk3mlN/ /wp-includes/8GgXiL4N/ /yt-assets/ihhwpLg/ /0I6h9suZ8CRS/ /19VYfhHLp/ /2tbcs/ /2yl1sJuaL9/ /5XVwDnX/ /7hMk6v/ /8GgXiL4N/ /90DadpEYTaQO1A/ /AYB2aG2/ /CeudWYRQEzZgrHPcI/ /cPPHgfsrA/ /dIA4V2AnYEnQL/ /dpFsBFA2LfYk3mlN/ /DUXTBlmDSYYggXEdXU2U/ /eFnHpREqu6Had9/ /GG1d8an/ /H38msg/ /HH6rxyB/ /hlSpL5nHop/ /ihhwpLg/ /kq9ezWhY4K7sBjKV/ /LkUxcRQU/ /LwqLT9bzX2q/ /NT5NjK6o/ /ObaACSyp07uQ41g/ /OcbOIkcGol/ /sLCbz03rYfB25/ /vi98YEQq/ /vP5MxJXIyFx/ /yKANkXfH/ /ZY7heGPNpm7b4Zw/ # Reference: https://twitter.com/Cryptolaemus1/status/1541455043970289666 
collabsolutions.co.za/libraries/qn8LLQ66K/ comecebem.com/wp-admin/WvCd0OfZD/ congtycamvinh.com/plugins/rwPRWazNkGzg/ dotcompany.com.br/autoupdate/WVzrARSu74NtSh61uF/ /autoupdate/WVzrARSu74NtSh61uF/ /libraries/qn8LLQ66K/ /plugins/rwPRWazNkGzg/ /wp-admin/WvCd0OfZD/ /qn8LLQ66K/ /rwPRWazNkGzg/ /WvCd0OfZD/ /WVzrARSu74NtSh61uF/ # Reference: https://twitter.com/Cryptolaemus1/status/1541501652473348096 clickmarlow.co.uk/3/xD/ clirtec.com/Q/ clotizen.dothome.co.kr/members/lZTkIb3OkjcV/ ecube.com.mx/eNN4CdXSZNfI/sW/ /members/lZTkIb3OkjcV/ /eNN4CdXSZNfI/sW/ /eNN4CdXSZNfI/ /lZTkIb3OkjcV/ # Reference: https://twitter.com/Cryptolaemus1/status/1541514950820364288 comhina.us/wp-admin/BqXXttOa3XLjg1u/ corporaciondominic.pe/img/dkP/ groupetqg.sn/css/LwnjuVS1fUFpRDg6j/ llev.com.br/app/Rdc1mvTcSSjLl3z/ /app/Rdc1mvTcSSjLl3z/ /css/LwnjuVS1fUFpRDg6j/ /wp-admin/BqXXttOa3XLjg1u/ /BqXXttOa3XLjg1u/ /LwnjuVS1fUFpRDg6j/ /Rdc1mvTcSSjLl3z/ # Reference: https://twitter.com/Cryptolaemus1/status/1541669353619599361 dusangerzicgera.com/App_Data/RiZCHA/ smbfranchising.com/wp-content/LKQlLKENda0/ ybp.rpmediateam.com/wp-includes/uU0hig4dnTtbaW/ /App_Data/RiZCHA/ /wp-content/LKQlLKENda0/ /wp-includes/uU0hig4dnTtbaW/ /LKQlLKENda0/ /RiZCHA/ /uU0hig4dnTtbaW/ # Reference: https://twitter.com/Cryptolaemus1/status/1541532027039518720 clubaero.nl/cJJLfpp27Ze5DuC2/TENAeuVUB/ cmsv.cv/dol/VIkPf1vZMlMnYEsL9B/ greenvalleyschool.com/rand_images/bqeuVAN6B7LhN7hx/ /cJJLfpp27Ze5DuC2/TENAeuVUB/ /dol/VIkPf1vZMlMnYEsL9B/ /rand_images/bqeuVAN6B7LhN7hx/ /bqeuVAN6B7LhN7hx/ /cJJLfpp27Ze5DuC2/ /TENAeuVUB/ /VIkPf1vZMlMnYEsL9B/ # Reference: https://twitter.com/Cryptolaemus1/status/1541690240263282688 construlandia.com/templates/SGbVH/ corpuslender.com/wp-content/1Ct3JyyZxKrywIr/ encuadernacionesartis.com/gcBjAvx/XFbc014fTyATJhss/ erp.pinaken.com/appPhoto/1nDHhHb7eso9uJhEDoX/ /appPhoto/1nDHhHb7eso9uJhEDoX/ /gcBjAvx/XFbc014fTyATJhss/ /templates/SGbVH/ /wp-content/1Ct3JyyZxKrywIr/ /1Ct3JyyZxKrywIr/ /1nDHhHb7eso9uJhEDoX/ /gcBjAvx/ 
/XFbc014fTyATJhss/ # Reference: https://www.virustotal.com/gui/file/005e381cb39d53c4574f418f8fd4349fa2ad582950b62b08e8064be580f11d3c/detection 156.255.212.186:8611 # Reference: https://twitter.com/Cryptolaemus1/status/1541776923575013376 advanzabpo.com/fonts/K1cXL8XJarbXYL0Spr/ asaferefuge.org/wp-admin/2LO/ cashmailsystem.com/upload/yRC05/ ewingconsulting.com/wp-includes/B4ZzwwImcXf6w8/ /fonts/K1cXL8XJarbXYL0Spr/ /wp-includes/B4ZzwwImcXf6w8/ /B4ZzwwImcXf6w8/ /K1cXL8XJarbXYL0Spr/ # Reference: https://twitter.com/Cryptolaemus1/status/1541776860623048704 corporateissolutions.com/administrator/xOEXwASH3uUe/ curite.net/cgi-bin/1IXkx/ decorusfinancial.com/wp-content/4E3HMlzDpriI3MZ0fp/ kairaliagencies.com/data_winning/kWV0fTwakEvHJUKF/ /administrator/xOEXwASH3uUe/ /cgi-bin/1IXkx/ /data_winning/kWV0fTwakEvHJUKF/ /wp-content/4E3HMlzDpriI3MZ0fp/ /4E3HMlzDpriI3MZ0fp/ /kWV0fTwakEvHJUKF/ /xOEXwASH3uUe/ # Reference: https://twitter.com/Cryptolaemus1/status/1542019387972263936 bruidsfotografie-breda.nl/cache/QPk/ chawkyfrenn.com/icon/JtT/ chillpassion.com/wp-content/nd4wjKgokzKbKH0DQDD/ chiptochip.es/alojamiento-web/dofwXVVQ3hvsp/ /alojamiento-web/dofwXVVQ3hvsp/ /wp-content/nd4wjKgokzKbKH0DQDD/ /dofwXVVQ3hvsp/ /nd4wjKgokzKbKH0DQDD/ # Reference: https://twitter.com/Cryptolaemus1/status/1541887086600392709 chaledooleo.com.br/headers/q7JUE0LzZJQsCQ/ charmslovespells.com/yt-assets/ouRMgGG/ centurypapers.com/classes/jNaLifXh9jHzIb/ cesasin.com.ar/administrator/U12P8KYU/ /administrator/U12P8KYU/ /classes/jNaLifXh9jHzIb/ /headers/q7JUE0LzZJQsCQ/ /yt-assets/ouRMgGG/ /jNaLifXh9jHzIb/ /ouRMgGG/ /q7JUE0LzZJQsCQ/ /U12P8KYU/ # Reference: https://twitter.com/Cryptolaemus1/status/1541903389885624321 document.vpservice-online.com/img/M6rkbsbyTtjk/ starluckycentre.com/data_winning/jKKGZ2/ subbalakshmi.com/data_winning/gzPasNcjGsBU/ /data_winning/jKKGZ2/ /data_winning/gzPasNcjGsBU/ /img/M6rkbsbyTtjk/ /gzPasNcjGsBU/ /jKKGZ2/ /M6rkbsbyTtjk/ # Reference: 
https://twitter.com/Cryptolaemus1/status/1542091077955354624 blessingsource.com/wp-admin/mX05YNbiSuwRhURh/ bosny.com/aspnet_client/3HKzQi/ cabans.com/CeudWYRQEzZgrHPcI/qY1HHnP5Av3fvb11s/ dhcmart.com/js/izJrXjec/ /aspnet_client/3HKzQi/ /CeudWYRQEzZgrHPcI/qY1HHnP5Av3fvb11s/ /js/izJrXjec/ /wp-admin/mX05YNbiSuwRhURh/ /3HKzQi/ /CeudWYRQEzZgrHPcI/ /izJrXjec/ /mX05YNbiSuwRhURh/ /qY1HHnP5Av3fvb11s/ # Reference: https://twitter.com/Cryptolaemus1/status/1542098582429261824 bramynapilota.com.pl/wp-admin/xCZp8SgBtmxELi/ camcha.cl/wp-admin/uaGdFOaYvx9p0sHuur/ caravanasitsaso.es/wp-content/dYbHrCM41ZJ9/ drcno.sk/_sub/kweb8e/ /wp-admin/xCZp8SgBtmxELi/ /wp-admin/uaGdFOaYvx9p0sHuur/ /wp-content/dYbHrCM41ZJ9/ /_sub/kweb8e/ /dYbHrCM41ZJ9/ /uaGdFOaYvx9p0sHuur/ /xCZp8SgBtmxELi/ # Reference: https://twitter.com/Cryptolaemus1/status/1542144763171856387 coolcraft.at/wordpress/aAr/ # Reference: https://twitter.com/Cryptolaemus1/status/1542202381823143936 bamassociates.net/admin/cDRv5kGpHxun9RP/ bencevendeghaz.hu/wp-includes/zWV5RmHTSn8eaP/ cs14productions.com/nav2/Om8zPGbo1ryK0hym/ /admin/cDRv5kGpHxun9RP/ /nav2/Om8zPGbo1ryK0hym/ /wp-includes/zWV5RmHTSn8eaP/ /cDRv5kGpHxun9RP/ /Om8zPGbo1ryK0hym/ /zWV5RmHTSn8eaP/ # Reference: https://twitter.com/Cryptolaemus1/status/1542165090644148224 corneliussen.dk/wp-includes/hZ1hsgTdbppDlYP/ cosole.dk/wp-includes/U/ diarioaldia.com.ar/admin/Bzq5zzq8CAYy/ garantihaliyikama.com/wp-admin/CcxWGjZEjriZ9zMdsP/ kspintidana.com/wp-admin/jjiOcQAL/ mobiles-photostudio.com/MPS/uYUKsZhII1qQ1/ zablimconsultancy.co.ke/musagala/pmOVrwAwG/ /admin/Bzq5zzq8CAYy/ /MPS/uYUKsZhII1qQ1/ /musagala/pmOVrwAwG/ /wp-admin/CcxWGjZEjriZ9zMdsP/ /wp-admin/jjiOcQAL/ /wp-includes/hZ1hsgTdbppDlYP/ /Bzq5zzq8CAYy/ /CcxWGjZEjriZ9zMdsP/ /hZ1hsgTdbppDlYP/ /jjiOcQAL/ /pmOVrwAwG/ /uYUKsZhII1qQ1/ # Reference: https://twitter.com/Cryptolaemus1/status/1542223425040551936 charmingsoftech.com/AMMAN/lq7ihucFtWWFliuiuK/ /AMMAN/lq7ihucFtWWFliuiuK/ /lq7ihucFtWWFliuiuK/ # Reference: 
https://twitter.com/Cryptolaemus1/status/1542262288723615745 fcstradesolutions.com/cgi-bin/EKrh/ financialchile.com/art/nTXsGe8VHFLC5yH/ periodistesgolf.cat/tmp/c71/ reneetten.nl/Menu/jKiBaSmhgyBD3/ /art/nTXsGe8VHFLC5yH/ /Menu/jKiBaSmhgyBD3/ /jKiBaSmhgyBD3/ /nTXsGe8VHFLC5yH/ # Reference: https://twitter.com/Cryptolaemus1/status/1542405490801803264 aysbody.com/catalog/FlJ6iKCntAwfO85/ fikti.bem.gunadarma.ac.id/SDM/wC256Xn/ happyakrz.com/css/g4w1rdi/ hepsisifa.com/wp-content/T0kkNeOlvF/ /catalog/FlJ6iKCntAwfO85/ /css/g4w1rdi/ /SDM/wC256Xn/ /wp-content/T0kkNeOlvF/ /FlJ6iKCntAwfO85/ /g4w1rdi/ /T0kkNeOlvF/ /wC256Xn/ # Reference: https://twitter.com/Cryptolaemus1/status/1542423912080089088 hayalkatibi.com/catalog/pJix6SFfnbNWFMuu8m/ /catalog/pJix6SFfnbNWFMuu8m/ /pJix6SFfnbNWFMuu8m/ # Reference: https://twitter.com/Cryptolaemus1/status/1542541291879182339 cicerosd.com/wp-includes/KnC/ civcraft.net/0NB225K3VjLuJm/75nYicnqulFb/ gumushaliyikama.com.tr/images/53K7VVUhrbL/ guvenliksepeti.net/ygzz/wIvF/ /0NB225K3VjLuJm/75nYicnqulFb/ /images/53K7VVUhrbL/ /0NB225K3VjLuJm/ /53K7VVUhrbL/ /75nYicnqulFb/ # Reference: https://twitter.com/Cryptolaemus1/status/1542609163288584192 atelierkikala.com/Facebook/zWUe7fBXDJ/ brittknight.com/PHP/5bgKOXH0pM/ hadramout21.com/wp-includes/zt5Jk4CthZxbloJW/ /Facebook/zWUe7fBXDJ/ /PHP/5bgKOXH0pM/ /wp-includes/zt5Jk4CthZxbloJW/ /5bgKOXH0pM/ /zt5Jk4CthZxbloJW/ /zWUe7fBXDJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1542647617737240577 astrogurusunilbarmola.com/css/kmy7FWW03Z2/ birebiregitim.net/wp-includes/kBhu9witwga0pg8GrgP/ ergbox.com/cgi-bin/JNB/ evashopping.thietkewebsitechuanseo.com/assets/rNAyQu/ forensisbilisim.com/wp-includes/tznAlaHXSY/ fullplateconsulting.com/_notes/aFZKot9/ fullwiz.com.br/erros/v2om35w/ fundaciontheoz.cl/pensamientooccidental/OGQK0eVU0RRxE0/ gxthanhtam.com/modules/cvH3FI3vRRmAxH/ /_notes/aFZKot9/ /assets/rNAyQu/ /css/kmy7FWW03Z2/ /erros/v2om35w/ /modules/cvH3FI3vRRmAxH/ /pensamientooccidental/OGQK0eVU0RRxE0/ 
/wp-includes/kBhu9witwga0pg8GrgP/ /wp-includes/tznAlaHXSY/ /OGQK0eVU0RRxE0/ /aFZKot9/ /cvH3FI3vRRmAxH/ /kBhu9witwga0pg8GrgP/ /kmy7FWW03Z2/ /rNAyQu/ /tznAlaHXSY/ /v2om35w/ # Reference: https://twitter.com/Cryptolaemus1/status/1542897896198406146 astrogurusunilbarmola.com/css/kmy7FWW03Z2/ birebiregitim.net/wp-includes/kBhu9witwga0pg8GrgP/ educacionsanvicentefundacion.com/iplookup/NmUBGEds2KgV/ exsite.pt/ocmods_meus/Yo7Zn4/ f5ajans.com/merthel/vvWRK/ federation-sardaniste.fr/calendrier/k46ShzQoCG/ firestoppers.co.za/language/L7bx4/ forensisbilisim.com/wp-includes/tznAlaHXSY/ fotowahn.ch/galleries/rfL4zx0IH7bZ2/ fullwiz.com.br/erros/v2om35w/ galaxy-catering.com.vn/galxy/nkW/ gedebey-tvradio.info/wp-includes/ydPz/ globartmag.com/images/8VAq5ZSSrbfHJFmzb/ greenlizard.co.za/amanah/INpHWowXue/ gtraff.com/wp-includes/fLx/ gxthanhtam.com/modules/cvH3FI3vRRmAxH/ helmprecision.com/Helm/main/css/F1RnG5nDhK/ oud-fit.nl/wp-admin/YxJGcfwvk/ peicovich.com/lavida/8xCoNjoBMhu1/ /amanah/INpHWowXue/ /calendrier/k46ShzQoCG/ /css/kmy7FWW03Z2/ /erros/v2om35w/ /galleries/rfL4zx0IH7bZ2/ /images/8VAq5ZSSrbfHJFmzb/ /iplookup/NmUBGEds2KgV/ /language/L7bx4/ /lavida/8xCoNjoBMhu1/ /merthel/vvWRK/ /modules/cvH3FI3vRRmAxH/ /ocmods_meus/Yo7Zn4/ /wp-admin/YxJGcfwvk/ /wp-includes/fLx/ /wp-includes/kBhu9witwga0pg8GrgP/ /wp-includes/tznAlaHXSY/ /wp-includes/ydPz/ /8VAq5ZSSrbfHJFmzb/ /8xCoNjoBMhu1/ /INpHWowXue/ /L7bx4/ /NmUBGEds2KgV/ /Yo7Zn4/ /YxJGcfwvk/ /cvH3FI3vRRmAxH/ /k46ShzQoCG/ /kBhu9witwga0pg8GrgP/ /kmy7FWW03Z2/ /rfL4zx0IH7bZ2/ /tznAlaHXSY/ /v2om35w/ # Reference: https://twitter.com/Cryptolaemus1/status/1542783929669029888 fundustry.net/sjaak/qu6Ha/ galaxy-catering.com.vn/galxy/nkW/ geoshot.org/photogrammetryservices.com/8JDPk/ greenlizard.co.za/amanah/INpHWowXue/ grouprobust.com/cgi-bin/NAf8vJWleV0Y6KerEIW/ guedala.com.br/cgi-bin/8hNjaOngZWq1lDIiz/ guiatvpro.com/emergency_mode/Iq4i1lSvE9V6fpLapS/ haircutbar.com/cgi-bin/Ibo/ helmprecision.com/Helm/main/css/F1RnG5nDhK/ osor-promet.si/blogs/6qZ5U03/ 
swork.pl/de/rA80zJo05lBHAT2cYOC/ /amanah/INpHWowXue/ /blogs/6qZ5U03/ /cgi-bin/8hNjaOngZWq1lDIiz/ /cgi-bin/NAf8vJWleV0Y6KerEIW/ /de/rA80zJo05lBHAT2cYOC/ /emergency_mode/Iq4i1lSvE9V6fpLapS/ /photogrammetryservices.com/8JDPk/ /6qZ5U03/ /8hNjaOngZWq1lDIiz/ /INpHWowXue/ /Iq4i1lSvE9V6fpLapS/ /NAf8vJWleV0Y6KerEIW/ /rA80zJo05lBHAT2cYOC/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-30%20Emotet%20(E4)%20IOCs 104.168.155.143:8080 135.148.6.80:443 139.59.126.41:443 213.239.212.5:443 45.55.191.130:443 # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-27%20Emotet%20(E4)%20IOCs 139.162.113.169:8080 45.76.181.158:443 # Reference: https://twitter.com/Cryptolaemus1/status/1543712014673264640 birebiregitim.net/wp-includes/6TZYwP7KzCD/ financialchile.com/art/7Youv4A9Kf/ francite.net/images/fT7/ guvenliksepeti.net/ygzz/u5FoPrW8qKzgI/ /art/7Youv4A9Kf/ /wp-includes/6TZYwP7KzCD/ /ygzz/u5FoPrW8qKzgI/ /6TZYwP7KzCD/ /7Youv4A9Kf/ /u5FoPrW8qKzgI/ # Reference: https://twitter.com/Cryptolaemus1/status/1543744113883103234 ent.draftserver.com/cgi-bin/q0T43kuB3QeVjr9Zn7MB/ evosp.com.br/doli/yupRZccN20nUJW4/ garantihaliyikama.com/wp-admin/rbA4tnGz3iFzA8/ reneetten.nl/Menu/zRiacFs/ /cgi-bin/q0T43kuB3QeVjr9Zn7MB/ /doli/yupRZccN20nUJW4/ /Menu/zRiacFs/ /wp-admin/rbA4tnGz3iFzA8/ /q0T43kuB3QeVjr9Zn7MB/ /rbA4tnGz3iFzA8/ /yupRZccN20nUJW4/ /zRiacFs/ # Reference: https://twitter.com/Cryptolaemus1/status/1543857718196285441 educacionsanvicentefundacion.com/iplookup/wYEInbaN/ gedebey-tvradio.info/wp-includes/T0J9THbd5f2/ haircutbar.com/cgi-bin/dNfEA5F/ /cgi-bin/dNfEA5F/ /iplookup/wYEInbaN/ /wp-includes/T0J9THbd5f2/ /dNfEA5F/ /T0J9THbd5f2/ /wYEInbaN/ # Reference: https://twitter.com/Cryptolaemus1/status/1543871251545853953 duinrand-s.nl/Nieuws/S9Y8DumfrBU1r5unO/ emett.com/images/kk2l4zoRKwv2vIEK/ f5ajans.com/merthel/vvWRK/KVVGB6o7SPoorfaI/ galileuconcursos.com.br/wp-admin/Pt8VGg/ /images/kk2l4zoRKwv2vIEK/ /Nieuws/S9Y8DumfrBU1r5unO/ 
/vvWRK/KVVGB6o7SPoorfaI/ /wp-admin/Pt8VGg/ /kk2l4zoRKwv2vIEK/ /KVVGB6o7SPoorfaI/ /Pt8VGg/ /S9Y8DumfrBU1r5unO/ # Reference: https://twitter.com/Cryptolaemus1/status/1543973874282512389 corpuslender.com/wp-content/3lfRabuJe3/ curite.net/cgi-bin/MVlEWg5erc/ digital21.cl/genchile/Pp1LDfwHR0IJPWHpq3R/ enamsg.com/components/nLRKIxof/ ewingconsulting.com/wp-includes/1sqrshC/ fontecmobile.com/pk/jINs/ llev.com.br/app/W2ehSSGWXTBpOf/ nellydwiputri.co.id/images/lZfuoNe2vyr/ /wp-includes/1sqrshC/ /app/W2ehSSGWXTBpOf/ /images/lZfuoNe2vyr/ /cgi-bin/MVlEWg5erc/ /components/nLRKIxof/ /genchile/Pp1LDfwHR0IJPWHpq3R/ /wp-content/3lfRabuJe3/ /1sqrshC/ /3lfRabuJe3/ /lZfuoNe2vyr/ /MVlEWg5erc/ /nLRKIxof/ /Pp1LDfwHR0IJPWHpq3R/ /W2ehSSGWXTBpOf/ # Reference: https://twitter.com/Cryptolaemus1/status/1544034699441344512 c-frk.jp/__HPB_Recycled/9wPduLjbQrj/ escueladecinemza.com.ar/administrator/AJQZvkcY/ parsmemoryesfahan.ir/catalog/89gPqWk5KjFDw/ /__HPB_Recycled/9wPduLjbQrj/ /administrator/AJQZvkcY/ /catalog/89gPqWk5KjFDw/ /89gPqWk5KjFDw/ /9wPduLjbQrj/ /AJQZvkcY/ # Reference: https://twitter.com/Cryptolaemus1/status/1544029804558659584 fisika.mipa.uns.ac.id/reseller/img/g6D4XXu84leSua6/ /img/g6D4XXu84leSua6/ /g6D4XXu84leSua6/ # Reference: https://twitter.com/Cryptolaemus1/status/1544029803594289152 artefatocultural.org.br/site/4Qyaea/ chaledooleo.com.br/headers/EqWziqtP7sHX/ ybp.rpmediateam.com/wp-includes/ONohM1EIMw6UBFVCBWD/ /headers/EqWziqtP7sHX/ /site/4Qyaea/ /wp-includes/ONohM1EIMw6UBFVCBWD/ /4Qyaea/ /EqWziqtP7sHX/ /ONohM1EIMw6UBFVCBWD/ # Reference: https://twitter.com/Cryptolaemus1/status/1544219993138597888 akdalarabic.com/cgi-bin/WQ0nRFFi3/ aseguradosaldia.com/wp-content/5xLOG2xKBT20s8e6Fs1/ chillpassion.com/wp-content/Qcl3YY1jmc/ akdalarabic.com/cgi-bin/WQ0nRFFi3/ clinicaportalpsicologia.com.br/wp-content/rknwta6Ncgt9xnXu7S/ fundaciontheoz.cl/pensamientooccidental/tilKftYVgHoCu4pp/ greenlizard.co.za/amanah/HJErj/ weboculta.com/css/4teU8698559ttLN/
wp.eryaz.net/bayar1/gQ3C8aNR9773v0sWR/ yakosurf.com/wp-includes/n6ZMo/ zarzamora.com.mx/cgi-bin/bg7Q06nqt3DJRvH0/ zhivir.com/wp/g1bvvKyM/ /amanah/HJErj/ /bayar1/gQ3C8aNR9773v0sWR/ /cgi-bin/WQ0nRFFi3/ /cgi-bin/bg7Q06nqt3DJRvH0/ /css/4teU8698559ttLN/ /pensamientooccidental/tilKftYVgHoCu4pp/ /wp-content/5xLOG2xKBT20s8e6Fs1/ /wp-content/Qcl3YY1jmc/ /wp-content/rknwta6Ncgt9xnXu7S/ /wp-includes/n6ZMo/ /wp/g1bvvKyM/ /4teU8698559ttLN/ /5xLOG2xKBT20s8e6Fs1/ /Qcl3YY1jmc/ /WQ0nRFFi3/ /bg7Q06nqt3DJRvH0/ /g1bvvKyM/ /gQ3C8aNR9773v0sWR/ /rknwta6Ncgt9xnXu7S/ /tilKftYVgHoCu4pp/ # Reference: https://twitter.com/Artilllerie/status/1544315100504399872 174.138.33.49:7080 178.238.225.252:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1544369950454075392 aacl.co.in/images/zZMVn05EJDpTcQ/ balibuli.hu/galeria/ArPQKNsnvuW/ baykusoglu.com.tr/wp-admin/0o7/ induvit.tlaxcala.gob.mx/components/CFZUmiQTd367H4nH/ /components/CFZUmiQTd367H4nH/ /galeria/ArPQKNsnvuW/ /images/zZMVn05EJDpTcQ/ /ArPQKNsnvuW/ /CFZUmiQTd367H4nH/ /zZMVn05EJDpTcQ/ # Reference: https://twitter.com/Cryptolaemus1/status/1544519709734817797 airhobi.com/system/4Z6puOENN1DH2HYMzKLz/ charliecaper.com/wp-includes/Q8IU0ksWg0/ che-fare.com/che-fare-media/rPI4ln2WQ7IyznRle/ empresaweb.com.br/bootstrap/ZDuT5jT0N35ssN/ ftp.yourbankruptcypartner.com/wp-content/HjSaWCEgzhi6CZS/ greycoconut.com/edm/X9xZ/ harleyqueretaro.com/renew2019/Back2016-12-22/cv/data/mFTZ50JsmKq/ napolni.me/3r/ILq7TqCUS/ pccurico.cl/wp-admin/9XR3XWZGidfKVYYzW/ sigratech.de/career/sRpMMHief7H/ vietroll.vn/wp-content/fMgN4vYD1/ webbandi.hu/image/Ifm98UCtROXr/ yudaisuzuki.jp/150911pre/nsA8XrN93S/ zonainformatica.es/aspnet_client/n0ULlfoAHHQh9tagckL/ zspwolawiazowa.pl/images/Qb86rcUXgBHhg/ /150911pre/nsA8XrN93S/ /3r/ILq7TqCUS/ /aspnet_client/n0ULlfoAHHQh9tagckL/ /bootstrap/ZDuT5jT0N35ssN/ /career/sRpMMHief7H/ /che-fare-media/rPI4ln2WQ7IyznRle/ /data/mFTZ50JsmKq/ /image/Ifm98UCtROXr/ /images/Qb86rcUXgBHhg/ /system/4Z6puOENN1DH2HYMzKLz/ 
/wp-admin/9XR3XWZGidfKVYYzW/ /wp-content/HjSaWCEgzhi6CZS/ /wp-content/fMgN4vYD1/ /wp-includes/Q8IU0ksWg0/ /4Z6puOENN1DH2HYMzKLz/ /9XR3XWZGidfKVYYzW/ /HjSaWCEgzhi6CZS/ /ILq7TqCUS/ /Ifm98UCtROXr/ /Q8IU0ksWg0/ /Qb86rcUXgBHhg/ /ZDuT5jT0N35ssN/ /fMgN4vYD1/ /mFTZ50JsmKq/ /n0ULlfoAHHQh9tagckL/ /nsA8XrN93S/ /rPI4ln2WQ7IyznRle/ /sRpMMHief7H/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-05%20Emotet%20(E4)%20IOCs 144.202.108.116:8080 147.139.166.154:8080 164.90.222.65:443 # Reference: https://twitter.com/Cryptolaemus1/status/1544594929023799296 gedebey-tvradio.info/wp-includes/nOmdPyUpDB/ haircutbar.com/cgi-bin/SpJT9OKPmUpJfkGqv/ /cgi-bin/SpJT9OKPmUpJfkGqv/ /wp-includes/nOmdPyUpDB/ /nOmdPyUpDB/ /SpJT9OKPmUpJfkGqv/ # Reference: https://twitter.com/Cryptolaemus1/status/1544599503281729536 atici.net/c/MgEC/ atperson.com/campusvirtual/3aAaeSKPaURF/ buffetmazzi.com.br/ckfinder/i/ /campusvirtual/3aAaeSKPaURF/ /3aAaeSKPaURF/ # Reference: https://twitter.com/Cryptolaemus1/status/1544584763679260673 chadhymas.com/wp-admin/ZuFQrj/ cointrade.world/receipts/Sa6fYJpecEVqiRf05/ francite.net/images/XI7zS0X1nY/ /images/XI7zS0X1nY/ /receipts/Sa6fYJpecEVqiRf05/ /Sa6fYJpecEVqiRf05/ /wp-admin/ZuFQrj/ /XI7zS0X1nY/ /ZuFQrj/ # Reference: https://www.virustotal.com/gui/file/009691eac43a379cfb16af76765628fa7b5edd661f15269473810499069e0703/detection http://64.183.73.122 agapewilderness.com/wordpress/cj5O/ getmodels.net/sys-cache/po/ ruskinc.com/7k2ql/zmIt/ /7k2ql/zmIt/ /wordpress/cj5O/ /Xn5TSZr/1A0oodd0Rd0/ /1A0oodd0Rd0/ /Xn5TSZr/ # Reference: https://twitter.com/Cryptolaemus1/status/1544725228286541824 aysbody.com/catalog/Oax5/ dawtona.dev.goldensystem.pl/wp-admin/EX05554XhKk3ee2cQ/ garantihaliyikama.com/wp-admin/QVvdNIasGj/ yoymanajemen.id/wp-content/khXBxIm5/ /catalog/Oax5/ /wp-admin/EX05554XhKk3ee2cQ/ /wp-admin/QVvdNIasGj/ /wp-content/khXBxIm5/ /EX05554XhKk3ee2cQ/ /khXBxIm5/ /QVvdNIasGj/ # Reference: https://twitter.com/Cryptolaemus1/status/1544831851566895104 
agtrade.hu/images/kiQYmOs2tSKq/ daxberger.at/stats/NfxCfPkIhjZqEvLMN2Ul/ dazzlecollections.co.za/THDXpHbk3YwA/HTolLw1ams3x/ dirigent.co.uk/vardagsekonomi/iC36jJ4J1cf/ earthmach.co.za/libraries/tWkZh9YrXbTd6IeX/ edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/ finvest.rs/wp-admin/Hr9nVNTIHgw59S/ k-s-j.jp/contact/r3a9keM/ kentandcowines.com.au/wp-content/nkz1FRU9Y5i/L/ sunflowerlaboratory.in/fonts/79Tq62ly/ zachboyle.com/wp-admin/EA470ZrTGNkuA/ /cgi-bin/jQNq9wlH1GXU/ /contact/r3a9keM/ /fonts/79Tq62ly/ /images/kiQYmOs2tSKq/ /libraries/tWkZh9YrXbTd6IeX/ /stats/NfxCfPkIhjZqEvLMN2Ul/ /THDXpHbk3YwA/HTolLw1ams3x/ /vardagsekonomi/iC36jJ4J1cf/ /wp-admin/EA470ZrTGNkuA/ /wp-admin/Hr9nVNTIHgw59S/ /wp-content/nkz1FRU9Y5i/ /79Tq62ly/ /EA470ZrTGNkuA/ /HTolLw1ams3x/ /Hr9nVNTIHgw59S/ /NfxCfPkIhjZqEvLMN2Ul/ /THDXpHbk3YwA/ /iC36jJ4J1cf/ /jQNq9wlH1GXU/ /kiQYmOs2tSKq/ /nkz1FRU9Y5i/ /r3a9keM/ /tWkZh9YrXbTd6IeX/ # Reference: https://twitter.com/Cryptolaemus1/status/1544963991843180544 akuntansi.itny.ac.id/asset/H10R0aWYC/ corpuslender.com/wp-content/jb4hyj9Ufawl/ curite.net/cgi-bin/SJ2LI/ enamsg.com/components/juTBPJ0Jr6FMh5AuDf/ /asset/H10R0aWYC/ /cgi-bin/SJ2LI/ /components/juTBPJ0Jr6FMh5AuDf/ /wp-content/jb4hyj9Ufawl/ /H10R0aWYC/ /jb4hyj9Ufawl/ /juTBPJ0Jr6FMh5AuDf/ # Reference: https://twitter.com/Cryptolaemus1/status/1545087568328286208 alsafwa.com.ly/webcal/E3Yx9UarfMuz6sk/ bpsjambi.id/about/5dDtahY1ewj/ frascona.com.ar/assets/xobbA5VJIi/ galileuconcursos.com.br/wp-admin/iF9x/ /about/5dDtahY1ewj/ /assets/xobbA5VJIi/ /webcal/E3Yx9UarfMuz6sk/ /wp-admin/iF9x/ /5dDtahY1ewj/ /E3Yx9UarfMuz6sk/ /xobbA5VJIi/ # Reference: https://twitter.com/kienbigmummy/status/1545258351696965632 yell.ge/nav_logo/cvLMav68/ /nav_logo/cvLMav68/ /cvLMav68/ # Reference: https://twitter.com/Cryptolaemus1/status/1545402191992979457 akdalarabic.com/cgi-bin/NxYwE8FyaIw3Kgile/ armannahalpersian.ir/armannahalpersian/byxUd7hAO2/ borntobefree.org.za/kQLk1lMTa79K4xwgJ5g/ZMmtgsoZk9ng1S6V/ corpandina.com.pe/js/9dwcb1g2Vqh3Owz/ 
disweb.sk/lfHCegwZndgMs/KFfG/ fikti.bem.gunadarma.ac.id/SDM/xDYmcOngg/ greenlizard.co.za/amanah/FnrTI/ wp.eryaz.net/bayar1/7sa9BpCVdDRcrMWiROv3/ xebabanhchohang.vn/wp-content/sux8Bfyu/ yakosurf.com/wp-includes/y9jgKE7f1wMM/ /amanah/FnrTI/ /armannahalpersian/byxUd7hAO2/ /bayar1/7sa9BpCVdDRcrMWiROv3/ /cgi-bin/NxYwE8FyaIw3Kgile/ /js/9dwcb1g2Vqh3Owz/ /kQLk1lMTa79K4xwgJ5g/ZMmtgsoZk9ng1S6V/ /lfHCegwZndgMs/KFfG/ /SDM/xDYmcOngg/ /wp-content/sux8Bfyu/ /wp-includes/y9jgKE7f1wMM/ /7sa9BpCVdDRcrMWiROv3/ /9dwcb1g2Vqh3Owz/ /byxUd7hAO2/ /kQLk1lMTa79K4xwgJ5g/ /lfHCegwZndgMs/ /NxYwE8FyaIw3Kgile/ /sux8Bfyu/ /xDYmcOngg/ /y9jgKE7f1wMM/ /ZMmtgsoZk9ng1S6V/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-06%20Emotet%20(E4)%20IOCs birebiregitim.net/wp-includes/f/ # Reference: https://twitter.com/Cryptolaemus1/status/1546404448150294528 airhobi.com/system/WLvH1ygkOYQO/ cointrade.world/receipts/0LjXVwpQrhw/ garantihaliyikama.com/wp-admin/jp64lssPHEe2ii/ haircutbar.com/cgi-bin/BC3WAQ8zJY4ALXA4/ /cgi-bin/BC3WAQ8zJY4ALXA4/ /receipts/0LjXVwpQrhw/ /system/WLvH1ygkOYQO/ /wp-admin/jp64lssPHEe2ii/ /0LjXVwpQrhw/ /BC3WAQ8zJY4ALXA4/ /jp64lssPHEe2ii/ /WLvH1ygkOYQO/ # Reference: https://twitter.com/Cryptolaemus1/status/1546596325856518144 3dstudioa.com.br/files/1ubPAB/ boardmart.co.za/images/DvMHPbTLn/ ebuysa.co.za/yt-assets/yZ30/ fikti.bem.gunadarma.ac.id/SDM/YH8OJ1Zz8miBX/ /files/1ubPAB/ /images/DvMHPbTLn/ /SDM/YH8OJ1Zz8miBX/ /yt-assets/yZ30/ /1ubPAB/ /DvMHPbTLn/ /YH8OJ1Zz8miBX/ # Reference: https://twitter.com/Cryptolaemus1/status/1546752209991262208 earthmach.co.za/libraries/K8Lnj5/ fashionbyprincessmelodicaah.com/4185PINT/79YtAbiNx92iI/ pccurico.cl/wp-admin/x3kyR3u8ARXStL7/ /4185PINT/79YtAbiNx92iI/ /libraries/K8Lnj5/ /wp-admin/x3kyR3u8ARXStL7/ /4185PINT/ /79YtAbiNx92iI/ /K8Lnj5/ /x3kyR3u8ARXStL7/ # Reference: https://twitter.com/Cryptolaemus1/status/1546755144528035841 aysbody.com/catalog/fKIbKAcI81pVn/ /catalog/fKIbKAcI81pVn/ /fKIbKAcI81pVn/ # Reference: 
https://twitter.com/Cryptolaemus1/status/1546943790195556352 akuntansi.itny.ac.id/asset/NH7qwRrn81Taa0VVqpx/ bpsjambi.id/about/CcN5IbuInPQ/ greenlizard.co.za/amanah/pu8xeUOpqqq/ /about/CcN5IbuInPQ/ /amanah/pu8xeUOpqqq/ /asset/NH7qwRrn81Taa0VVqpx/ /CcN5IbuInPQ/ /NH7qwRrn81Taa0VVqpx/ /pu8xeUOpqqq/ # Reference: https://www.virustotal.com/gui/file/00dab001a273bc60b9ee7e2e20716f7559d42baf8c8e9a8e519df73a25794f61/detection colfincas.com/tmp/FvyLs/ contentunion.net/newwebsite/UXkkk/ contrid.com/6vwkQmRU/ cordclipsorganizer.com/cable-holder-2e/a/ ctfilms.com/ks/2ygJuGV0/ dahiaka.com/DND/JuBlOiT8Ixj/ /DND/JuBlOiT8Ixj/ /ks/2ygJuGV0/ /newwebsite/UXkkk/ /2ygJuGV0/ /6vwkQmRU/ /JuBlOiT8Ixj/ # Reference: https://twitter.com/Cryptolaemus1/status/1547124358266896385 atici.net/c/JDFDBMIz/ atperson.com/campusvirtual/EOgFGo17w/ domesticuif.co.za/libraries/nbnH9dpd/ eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/ /c/JDFDBMIz/ /campusvirtual/EOgFGo17w/ /libraries/nbnH9dpd/ /phpmailer-old/dafdBxQONtk5Uf9dxll/ /dafdBxQONtk5Uf9dxll/ /EOgFGo17w/ /JDFDBMIz/ /nbnH9dpd/ # Reference: https://twitter.com/Cryptolaemus1/status/1547293715768963072 atici.net/c/JDFDBMIz/ atperson.com/campusvirtual/EOgFGo17w/ balletmagazine.ro/wp-content/9VrMPV/ domesticuif.co.za/libraries/nbnH9dpd/ eliteturismo.com/phpmailer-old/dafdBxQONtk5Uf9dxll/ fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/ greycoconut.com/edm/71qUA/ zonainformatica.es/tienda/XCHJmidSYTkE/ /c/JDFDBMIz/ /campusvirtual/EOgFGo17w/ /edm/71qUA/ /libraries/nbnH9dpd/ /phpmailer-old/dafdBxQONtk5Uf9dxll/ /reseller/img/nRAvAgoY8Y/ /tienda/XCHJmidSYTkE/ /wp-content/9VrMPV/ /9VrMPV/ /EOgFGo17w/ /JDFDBMIz/ /XCHJmidSYTkE/ /dafdBxQONtk5Uf9dxll/ /nRAvAgoY8Y/ /nbnH9dpd/ # Reference: https://www.virustotal.com/gui/file/17cd84a5e5246dfbd4c94417ade88d4a58426b5926689d3135309191a181b059/detection 186.144.64.31:53 187.163.222.244:465 222.214.218.136:4143 # Reference:
https://www.virustotal.com/gui/file/001c7f2cf9518d78d50711633e4f0cb168bbc4ab2c923ead7c41febf6e3fdfad/detection /159Qe8kuHIuype/ # Reference: https://www.virustotal.com/gui/file/03b82c922cc5678dc96ec9c4f0e695b85c04ce2fc5615849af14ffff0bf0cf30/detection cableequipmentmanagementreturns.com/wp-admin/JPivizxmiwo9A5Owys/ kiwibeautyhouse.com/wp-includes/js/tinymce/themes/qzutpR1kPAPp54/ novawedevent.com/tmp/PA0rBwFszIpy/ /wp-admin/JPivizxmiwo9A5Owys/ /wp-includes/js/tinymce/themes/qzutpR1kPAPp54/ /tmp/PA0rBwFszIpy/ /PA0rBwFszIpy/ /JPivizxmiwo9A5Owys/ /qzutpR1kPAPp54/ # Reference: https://twitter.com/Cryptolaemus1/status/1587720793584472065 audioselec.com/about/dDw5ggtyMojggTqhc/ geringer-muehle.de/wp-admin/G/ intolove.co.uk/wp-admin/FbGhiWtrEzrQ/ isc.net.ua/themes/3rU/ /about/dDw5ggtyMojggTqhc/ /wp-admin/FbGhiWtrEzrQ/ /dDw5ggtyMojggTqhc/ /FbGhiWtrEzrQ/ # Reference: https://twitter.com/Cryptolaemus1/status/1587743786209542144 9hym.com/images/SXVIe4tbJw8ZCfa4TEt/ helpeve.com/multiwp/cxpkaAkAKPRUs4KL/ hsweixintp.com/wp-admin/3c2etiFC2RwmHfTS/ yuanliao.raluking.com/overemotionality/Vfc9v1ebcmaEguw/ /images/SXVIe4tbJw8ZCfa4TEt/ /multiwp/cxpkaAkAKPRUs4KL/ /overemotionality/Vfc9v1ebcmaEguw/ /wp-admin/3c2etiFC2RwmHfTS/ /3c2etiFC2RwmHfTS/ /cxpkaAkAKPRUs4KL/ /SXVIe4tbJw8ZCfa4TEt/ /Vfc9v1ebcmaEguw/ # Reference: https://twitter.com/Cryptolaemus1/status/1587860774151548928 http://158.199.168.181 http://45.127.102.193 a.angel-tn.idv.tw/web_images/r4psvIE1r6WJT/ aibwireless.com/cgi-bin/zR2mG25Ssk8dH/ akarweb.net/cgi-bin/fWWuTf6mddh6Idq/ akuntansi.itny.ac.id/asset/9aVFvYeaSKOhGBSLx/ alagi.ge/application/irnz5Rs8qWvQrf/ aldina.jp/wp-admin/YvD46yh/ alliance-habitat.com/cache/lE8/ alvaovillagecamping.pt/wp-content/Ra9iwOPb6uLf/ amorecuidados.com.br/wp-admin/t3D/ andorsat.com/css/5xdvDtgW0H4SrZokxM/ andrewpharma.com/ost/NjKVUWPAuvq4Sr/ angloextrema.com.br/assets/mQVRrHu7o0eJXxTFu/ anguklaw.com/microsoft-clearscript/oVgMlzJ61/ app.clubdedocentes.com/storage/DCcq9ekgH99sI/ 
aprendeconmireia.com/images/wBu/ aquariorecords.com.br/wp-content/A8G3ownNApEj1L4hF/ armannahalpersian.ir/3H5qqUOB/ aslum.net/3d/0vzZVHw6At2SYrwiv5/ atici.net/old/GdvEdPSuTgnDW1LtTIU/ atlantia.sca.org/php_fragments/D8Nwm2F80BL4s/ bosny.com/aspnet_client/5VLxhxQCFMinu6/ caimari.com/wp-includes/xSorfU1K1iw/ cginforma.com.br/wp-admin/z2qHkUROsrTf/ christplanet.com/wp-admin/maint/mtlsi/WohDqMAVo/ cursosinterativos.com.br/semprichickoff2/pEl/ cybertech.freeoda.com/ct/go6hL733p4vjEnuu/ dahtkahm.com/ZWoU28T4TJH/ danoblab.com/wordpress_4/Fw/ darularqompatean.com/asq/IcVMFfwR65Yf8fMd5G/ davidwehrle.com/zgRNwNz72uHp56kxL/ demo.cansunoto.com/lYqTuQ0qe5r2Y/ detertecnica.com/var/azLISfW/ ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/ ftp.pricoat.com.mx/Fichas/3ybJLLXu5zqqn8Sx/ joomlaadvanced.com/marrowx/fbCctJXM0/ kairaliagencies.com/data_winning/AM9gRjhkiEc5m/ linhkiendoc.com/app/payments/qoy5JqpLqrbsKl/ ly.yjlianyi.top/wp-admin/NRAdJ/ mchat.medianewsonline.com/headers/onE6NirmxFsYoU3FHR/ mulmatdol.com/adm/Fa/ muyehuayi.com/cmp/Vtm2m7z88g/ nipunpharmaskill.com/fonts/CgI1tduJfA/ sourcecool.com/throng/iOD/ sourceintership.com/vendor/rZnJL9pPUjA9pU/ stickers-et-deco.com/Adapter/lYw/ straightmailconnect.com/cgi-bin/inc/ swiftwebbox.com/cgi-bin/vNqoMtQilpysJYRwtGu/ thebeginningstore.in/0202498070/m2x8inU7TSiuO3px/ thuybaohuy.com/wp-content/u3MJwXSP9tmiaTCyZD/ tugarden.com/docs/csv_import/rf6bMPAtbBPiDK/ updailymail.com/cgi-bin/gBYmfqRi2utIS2n/ vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/ webboxrep.com/cgi-bin/WSc3x09KmXuRK8Bpro/ yesdeko.com/app/yTjFWTnDxio/ /0202498070/m2x8inU7TSiuO3px/ /3d/0vzZVHw6At2SYrwiv5/ /admin3693/BDFFgAZ6zBRumcUSG/ /app/yTjFWTnDxio/ /application/irnz5Rs8qWvQrf/ /aspnet_client/5VLxhxQCFMinu6/ /asq/IcVMFfwR65Yf8fMd5G/ /asset/9aVFvYeaSKOhGBSLx/ /assets/mQVRrHu7o0eJXxTFu/ /cgi-bin/fWWuTf6mddh6Idq/ /cgi-bin/gBYmfqRi2utIS2n/ /cgi-bin/vNqoMtQilpysJYRwtGu/ /cgi-bin/WSc3x09KmXuRK8Bpro/ /cgi-bin/zR2mG25Ssk8dH/ /cmp/Vtm2m7z88g/ /css/5xdvDtgW0H4SrZokxM/ 
/ct/go6hL733p4vjEnuu/ /data_winning/AM9gRjhkiEc5m/ /doctors/KAacngW97n4ApzVBDdGy/ /Fichas/3ybJLLXu5zqqn8Sx/ /fonts/CgI1tduJfA/ /headers/onE6NirmxFsYoU3FHR/ /i-bmail/ecbxbEwwy/ /images/rbwMLaaD9HkvFU4Px/ /marrowx/fbCctJXM0/ /microsoft-clearscript/oVgMlzJ61/ /old/GdvEdPSuTgnDW1LtTIU/ /ost/NjKVUWPAuvq4Sr/ /php_fragments/D8Nwm2F80BL4s/ /semprichickoff2/pEl/ /storage/DCcq9ekgH99sI/ /var/azLISfW/ /vendor/rZnJL9pPUjA9pU/ /web_images/r4psvIE1r6WJT/ /wp-admin/NRAdJ/ /wp-admin/t3D/ /wp-admin/YvD46yh/ /wp-admin/z2qHkUROsrTf/ /wp-content/A8G3ownNApEj1L4hF/ /wp-content/Ra9iwOPb6uLf/ /wp-content/u3MJwXSP9tmiaTCyZD/ /wp-includes/xSorfU1K1iw/ /0vzZVHw6At2SYrwiv5/ /3H5qqUOB/ /3ybJLLXu5zqqn8Sx/ /5VLxhxQCFMinu6/ /5xdvDtgW0H4SrZokxM/ /9aVFvYeaSKOhGBSLx/ /A8G3ownNApEj1L4hF/ /AM9gRjhkiEc5m/ /BDFFgAZ6zBRumcUSG/ /CgI1tduJfA/ /D8Nwm2F80BL4s/ /DCcq9ekgH99sI/ /GdvEdPSuTgnDW1LtTIU/ /IcVMFfwR65Yf8fMd5G/ /KAacngW97n4ApzVBDdGy/ /NRAdJ/ /NjKVUWPAuvq4Sr/ /Ra9iwOPb6uLf/ /Vtm2m7z88g/ /WSc3x09KmXuRK8Bpro/ /YvD46yh/ /ZWoU28T4TJH/ /azLISfW/ /ecbxbEwwy/ /fWWuTf6mddh6Idq/ /fbCctJXM0/ /gBYmfqRi2utIS2n/ /go6hL733p4vjEnuu/ /irnz5Rs8qWvQrf/ /lYqTuQ0qe5r2Y/ /m2x8inU7TSiuO3px/ /mQVRrHu7o0eJXxTFu/ /oVgMlzJ61/ /onE6NirmxFsYoU3FHR/ /r4psvIE1r6WJT/ /rZnJL9pPUjA9pU/ /rbwMLaaD9HkvFU4Px/ /u3MJwXSP9tmiaTCyZD/ /vNqoMtQilpysJYRwtGu/ /xSorfU1K1iw/ /yTjFWTnDxio/ /z2qHkUROsrTf/ /zR2mG25Ssk8dH/ /zgRNwNz72uHp56kxL/ # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-11-03-IOCs-for-Emotet-with-IcedID.txt http://87.63.160.88 146.59.151.250:443 149.28.143.92:443 159.65.3.147:7080 165.227.166.238:8080 167.172.199.165:8080 169.60.181.70:8080 182.162.143.56:443 213.32.75.32:8080 27.254.65.114:8080 91.187.140.35:8080 96.125.171.165:7080 # Reference: https://twitter.com/Cryptolaemus1/status/1589379055094099969 cloudxml.com.br/L45R4qJJFH/ESXAIhm/ clockworktradeservices.com/wp-admin/uFRWXkuTnDAbQtIO/ copunupo.ac.zm/cgi-bin/bNoAgU9/ demarsoft.com/ALPHAINSTALLS.US/lTsjpA6/ /ALPHAINSTALLS.US/lTsjpA6/ /cgi-bin/bNoAgU9/ 
/L45R4qJJFH/ESXAIhm/ /wp-admin/uFRWXkuTnDAbQtIO/ /bNoAgU9/ /ESXAIhm/ /L45R4qJJFH/ /lTsjpA6/ /uFRWXkuTnDAbQtIO/ # Reference: https://twitter.com/Cryptolaemus1/status/1589379055094099969 atici.net/old/PkZI74DD/ clanbaker.org/css/khhl7kT2n69n/ cs.com.sg/Backup/Bk778kXNKMiH5vH/ j2ccamionmagasin.fr/css/1Mp8y/ /Backup/Bk778kXNKMiH5vH/ /css/1Mp8y/ /css/khhl7kT2n69n/ /old/PkZI74DD/ /Bk778kXNKMiH5vH/ /khhl7kT2n69n/ /PkZI74DD/ # Reference: https://twitter.com/Cryptolaemus1/status/1589504155949072385 bikkviz.com/wp-admin/NyT44HkVg/ blacksebo.de/sharedassets/fA/ chist.com/dir-/HH/ coadymarine.com/Admin/ekamS7WWDkLwS44q/ /Admin/ekamS7WWDkLwS44q/ /wp-admin/NyT44HkVg/ /ekamS7WWDkLwS44q/ /NyT44HkVg/ # Reference: https://twitter.com/Cryptolaemus1/status/1589388518409015296 atici.net/old/PkZI74DD/ bigm.ir/wp-admin/jzIV5U90h9qbK7WK8RTZ/ bikkviz.com/wp-admin/NyT44HkVg/ blacksebo.de/sharedassets/fA/ blangkonstudio.com/webdeveloper/XZ/ borntobefree.org.za/d3hEMgx7B/gKjYZXet98DzbCPzMsQ/ brianso.com/imagenes/QQs bytesendesign.nl/cgi-bin/oJYQiWRZITmFqE1H/ caimari.com/wp-includes/E3/ central-nutrition.com/wp-content/Nh1L6YR4qlDFWS58cVB/ chacaltattoo.com.br/css/m51P4/ championsfactorysampaios.com.br/xt5HKu/tDs8WsKOxQFq/ charmingsoftech.com/AMMAN/AAVuCNHo/ chawkyfrenn.com/icon/BzGzSWFZIZGaTK/ cheffsys.com/css/5JqXCHJmidSY/ chist.com/dir-/HH/ clanbaker.org/css/khhl7kT2n69n/ coadymarine.com/Admin/ekamS7WWDkLwS44q/ controlnetworks.com.au/wp-content/nlwkhG9/ cs.com.sg/Backup/Bk778kXNKMiH5vH/ cultura.educad.pe/wp-content/j7xDGLEkY/ dacsandongthapmuoi.vn/system/cron/HwOtNCFo/ datie-tw.com/img/SvH/ demirelmarka.com/wp-admin/vMmu5VHyAbUgIU/ detertecnica.com/var/yROsVkd/ encuadernacionesartis.com/Vk2Z1Na/ eznetb.synology.me/@eaDir/7ks2a6g9TV/ j2ccamionmagasin.fr/css/1Mp8y/ laboritmtest2022.scienceontheweb.net/images/aV5RfMoiboyOdnswRa/ mulmatdol.com/adm/QBdMh52eJUVp/ nlasandbox3.com/backup/30GgTbqrmoBcs/ royreid.co.uk/wp-content/UIa3o/ sat7ate.com/wordpress/XZOzT/ 
webhoanggia.com/wp-admin/HfvXIwOTCGao9A/ yesdeko.com/app/Fxxsxdcj25x/ /@eaDir/7ks2a6g9TV/ /AMMAN/AAVuCNHo/ /Admin/ekamS7WWDkLwS44q/ /Backup/Bk778kXNKMiH5vH/ /adm/QBdMh52eJUVp/ /app/Fxxsxdcj25x/ /backup/30GgTbqrmoBcs/ /cgi-bin/oJYQiWRZITmFqE1H/ /css/1Mp8y/ /css/5JqXCHJmidSY/ /css/khhl7kT2n69n/ /css/m51P4/ /d3hEMgx7B/gKjYZXet98DzbCPzMsQ/ /icon/BzGzSWFZIZGaTK/ /images/aV5RfMoiboyOdnswRa/ /old/PkZI74DD/ /sharedassets/fA/ /var/yROsVkd/ /wordpress/XZOzT/ /wp-admin/HfvXIwOTCGao9A/ /wp-admin/NyT44HkVg/ /wp-admin/jzIV5U90h9qbK7WK8RTZ/ /wp-admin/vMmu5VHyAbUgIU/ /wp-content/Nh1L6YR4qlDFWS58cVB/ /wp-content/UIa3o/ /wp-content/j7xDGLEkY/ /wp-content/nlwkhG9/ /wp-includes/E3/ /xt5HKu/tDs8WsKOxQFq/ /1Mp8y/ /30GgTbqrmoBcs/ /5JqXCHJmidSY/ /7ks2a6g9TV/ /AAVuCNHo/ /Bk778kXNKMiH5vH/ /BzGzSWFZIZGaTK/ /Fxxsxdcj25x/ /HfvXIwOTCGao9A/ /Nh1L6YR4qlDFWS58cVB/ /NyT44HkVg/ /PkZI74DD/ /QBdMh52eJUVp/ /UIa3o/ /XZOzT/ /aV5RfMoiboyOdnswRa/ /ekamS7WWDkLwS44q/ /gKjYZXet98DzbCPzMsQ/ /j7xDGLEkY/ /jzIV5U90h9qbK7WK8RTZ/ /khhl7kT2n69n/ /m51P4/ /nlwkhG9/ /oJYQiWRZITmFqE1H/ /tDs8WsKOxQFq/ /Vk2Z1Na/ /vMmu5VHyAbUgIU/ /yROsVkd/ # Reference: https://twitter.com/Cryptolaemus1/status/1589732714327863296 http://45.32.114.141 ftp.agoraexpress.info/cgi-bin/rooSQD2tWB/ /cgi-bin/rooSQD2tWB/ /xilte/SYtPsYVOaJpNvcqVTOi/ /rooSQD2tWB/ /SYtPsYVOaJpNvcqVTOi/ # Reference: https://www.virustotal.com/gui/file/0009cbfd7cf6a60a4b3c5019cb5e14db0fbc7953190c7a1809ee58aec8cca41e/detection 157.245.196.132:443 # Reference: https://twitter.com/Cryptolaemus1/status/1589745690741075968 db.rikaz.tech/lCx76IlkrBtEsqNFA7/H9YoD9PuGAHGb3MHZz/ /lCx76IlkrBtEsqNFA7/H9YoD9PuGAHGb3MHZz/ /H9YoD9PuGAHGb3MHZz/ /lCx76IlkrBtEsqNFA7/ # Reference: https://twitter.com/Cryptolaemus1/status/1589750824900919296 amorecuidados.com.br/wp-admin/baPRbSWvbBq/ bencevendeghaz.hu/2zjoi/aUJLqwAxxlq/ manchesterot.co.uk/about-us/KEfGo/ nipunpharmaskill.com/fonts/jHAVDcbRKKHP24FAf/ /2zjoi/aUJLqwAxxlq/ /about-us/KEfGo/ /fonts/jHAVDcbRKKHP24FAf/ /wp-admin/baPRbSWvbBq/ 
/aUJLqwAxxlq/ /baPRbSWvbBq/ /jHAVDcbRKKHP24FAf/ # Reference: https://twitter.com/Cryptolaemus1/status/1589733840494661632 bet-invest.com/mail/nui/ # Reference: https://twitter.com/Cryptolaemus1/status/1589881351347798017 conceptagency.net/css/zXC/ cpcwiki.de/images/rirOpdztUEfG7WJ/ a.angel-tn.idv.tw/web_images/aa7fEDOPvT2F1i/ atashelement.ir/qds-seo-url-autofill/tmSetsq0wxsmXdA/ /images/rirOpdztUEfG7WJ/ /qds-seo-url-autofill/tmSetsq0wxsmXdA/ /web_images/aa7fEDOPvT2F1i/ /aa7fEDOPvT2F1i/ /rirOpdztUEfG7WJ/ /tmSetsq0wxsmXdA/ # Reference: https://twitter.com/Cryptolaemus1/status/1589899566651830273 3d-stickers.com/cache/ULfOeC4z7U/ annunziato.com.br/swf/5FJ0eeAsKYPctsq/ argojeans.com/FxCredit/tGNivisLKJet7a/ blacksmithbooks.com/blog/yinA3nT/ coinkub.com/wp-content/NL7Ddclhm/ files.encendercomunicacion.com/jardinesdelpilar/7tTka2RzzAH/ navylin.com/autopoisonous/yT4y0aa/ talles.atwebpages.com/sistemas/2WReqC3w1bZsCp/ /autopoisonous/yT4y0aa/ /blog/yinA3nT/ /cache/ULfOeC4z7U/ /FxCredit/tGNivisLKJet7a/ /jardinesdelpilar/7tTka2RzzAH/ /sistemas/2WReqC3w1bZsCp/ /swf/5FJ0eeAsKYPctsq/ /wp-content/NL7Ddclhm/ /2WReqC3w1bZsCp/ /5FJ0eeAsKYPctsq/ /7tTka2RzzAH/ /NL7Ddclhm/ /ULfOeC4z7U/ /tGNivisLKJet7a/ /yT4y0aa/ /yinA3nT/ # Reference: https://twitter.com/Cryptolaemus1/status/1589955216698265600 cngst.com/data/fXWpDbJ3KwAybE/ /data/fXWpDbJ3KwAybE/ /fXWpDbJ3KwAybE/ # Reference: https://twitter.com/Unit42_Intel/status/1590002190298804225 # Reference: https://github.com/pan-unit42/tweets/blob/master/2022-11-07-IOCs-for-Emotet-infection-with-IcedID-and-Bumblebee.txt 54.37.70.105:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1590109516355338240 bevos-training.com/images/MtzUd/ bwsengineering.co.za/configSHV/H0Rs/ cecambrils.cat/wp-content/cXEhHssszV/ chobemaster.com/INFECTED/LEdXM4gdwN4mgnlC/ clinicaportalpsicologia.com.br/wp-includes/d6tkyFFBNwY/ cngst.com/data/fXWpDbJ3KwAybE/ ctel.com.my/images/J5FV3DsngleQ3/ cubix-is.nl/___installation/xRTDRO4qVNwMIg9Wd2u/ 
ec2-52-89-237-150.us-west-2.compute.amazonaws.com/bhr/wwqjkbu6mk/ hsweixintp.com/wp-admin/4m1WxDxza6D8SVrfF/ kabaruntukrakyat.com/wp-content/ES/ spinbalence.com/admin3693/Z6WQpmNRNj6041fU2zpt/ stickers-et-deco.com/admin002vqimbe/hRFZkkzLIl/ /INFECTED/LEdXM4gdwN4mgnlC/ /___installation/xRTDRO4qVNwMIg9Wd2u/ /admin002vqimbe/hRFZkkzLIl/ /admin3693/Z6WQpmNRNj6041fU2zpt/ /bhr/wwqjkbu6mk/ /configSHV/H0Rs/ /data/fXWpDbJ3KwAybE/ /images/J5FV3DsngleQ3/ /images/MtzUd/ /wp-admin/4m1WxDxza6D8SVrfF/ /wp-content/cXEhHssszV/ /wp-includes/d6tkyFFBNwY/ /4m1WxDxza6D8SVrfF/ /J5FV3DsngleQ3/ /LEdXM4gdwN4mgnlC/ /Z6WQpmNRNj6041fU2zpt/ /cXEhHssszV/ /d6tkyFFBNwY/ /fXWpDbJ3KwAybE/ /hRFZkkzLIl/ /wwqjkbu6mk/ /xRTDRO4qVNwMIg9Wd2u/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-08%20Emotet%20(E4)%20IOCs 119.59.103.152:8080 139.59.56.73:8080 169.57.156.166:8080 187.63.160.88:80 5.135.159.50:443 95.217.221.146:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1590287397295919104 brittknight.com/PHP/qy6/ chawkyfrenn.com/icon/LRWYSefRL7/ chist.com/dir-/N5zALqqTmf/ christplanet.com/wp-admin/maint/mtlsi/TxsAE7TAAb/ cubicegg.asia/assets/hQlJfFO/ cultura.educad.pe/wp-content/Vy5ft0Rw/ darwinistic.com/icon/pvxwXfuOXowTDDg/ demo.cansunoto.com/lYqTuQ0qe5r2Y/JM1VqkOTTwt7Bvsu/ devinagallagher.com/NSA/BVks/ greenvalleyschool.com/rand_images/wbd79XyFhB/ helpeve.com/wp-admin/sOdeuF1c4DV2h/ llev.com.br/app/MpWGl120ya0z56ky/ m-ainsurance.com/wp-admin/M4ezdm1UfI/ nlasandbox3.com/backup/iCxLdPuH6tfxDQR2/ yesdeko.com/app/mydLAE/ /app/MpWGl120ya0z56ky/ /app/mydLAE/ /assets/hQlJfFO/ /backup/iCxLdPuH6tfxDQR2/ /dir-/N5zALqqTmf/ /icon/LRWYSefRL7/ /icon/pvxwXfuOXowTDDg/ /lYqTuQ0qe5r2Y/JM1VqkOTTwt7Bvsu/ /rand_images/wbd79XyFhB/ /wp-admin/M4ezdm1UfI/ /wp-admin/maint/ /wp-admin/sOdeuF1c4DV2h/ /wp-content/Vy5ft0Rw/ /JM1VqkOTTwt7Bvsu/ /LRWYSefRL7/ /lYqTuQ0qe5r2Y/ /M4ezdm1UfI/ /MpWGl120ya0z56ky/ /N5zALqqTmf/ /Vy5ft0Rw/ /hQlJfFO/ /iCxLdPuH6tfxDQR2/ /mydLAE/ /pvxwXfuOXowTDDg/ 
/sOdeuF1c4DV2h/
/wbd79XyFhB/

# Reference: https://twitter.com/Cryptolaemus1/status/1590300086541897729

wordpress.xinmoshiwang.com/list/1N5ty/
/list/1N5ty/

# Reference: https://twitter.com/Cryptolaemus1/status/1590296886929674240

cepasvirtual.com.ar/moodle/Lb4gSXE/
chawkyfrenn.com/icon/LRWYSefRL7/
christplanet.com/wp-admin/maint/mtlsi/TxsAE7TAAb/
ftp.appleshipstores.com/admin/8rsSDMyJv31SRdz/
helpeve.com/wp-admin/sOdeuF1c4DV2h/
onaltiyadokuz.net/wp-snapshots/9Fvr0E6cY/
/admin/8rsSDMyJv31SRdz/
/icon/LRWYSefRL7/
/moodle/Lb4gSXE/
# NOTE(review): /wp-admin/maint/ is a directory that ships with stock WordPress,
# so this host-less entry is not specific to the campaign and can match requests
# to uncompromised sites. The host entry above (/wp-admin/maint/mtlsi/TxsAE7TAAb/)
# and the /TxsAE7TAAb/ fragment below are the narrower indicators. Presumably a
# path-only trail is matched regardless of host; confirm against the sensor's
# matching rules. The same entry is also listed under the
# .../status/1590287397295919104 reference.
/wp-admin/maint/
/wp-admin/sOdeuF1c4DV2h/
/wp-snapshots/9Fvr0E6cY/
/8rsSDMyJv31SRdz/
/9Fvr0E6cY/
/LRWYSefRL7/
/Lb4gSXE/
/TxsAE7TAAb/
/sOdeuF1c4DV2h/

# Reference: https://twitter.com/Cryptolaemus1/status/1590387098594717697

angloextrema.com.br/assets/oEt1yYckHKlnNIq/
bundlefilm.com/headers/lkfBH3Czw9CjEW07P2/
camsanparke.net/wp-content/h2Ja5bwB03hnyfCb/
concivilpa.com.py/wp-admin/i3CQu9dzDrMW/
cs.com.sg/admin/a1lR5wu/
muyehuayi.com/cmp/8asA99KPsyA/v6lUsWbLen/
royreid.co.uk/wp-content/dCwG/
wijsneusmedia.nl/cgi-bin/kFB/
/admin/a1lR5wu/
/assets/oEt1yYckHKlnNIq/
/cmp/8asA99KPsyA/
/headers/lkfBH3Czw9CjEW07P2/
/wp-admin/i3CQu9dzDrMW/
/wp-content/dCwG/
/wp-content/h2Ja5bwB03hnyfCb/
/8asA99KPsyA/
/a1lR5wu/
/h2Ja5bwB03hnyfCb/
/i3CQu9dzDrMW/
/lkfBH3Czw9CjEW07P2/
/oEt1yYckHKlnNIq/

# Reference: https://www.virustotal.com/gui/file/00f4cf37659112079af518ca20cdf2cd80bd41a63c0bcf4cde328cd476fcd952/detection

csmbuildersllc.com/wp-admin/teqvm_n0yai_84/
eldiosstore.com/css/qpfv_e_y3lk0sp6i/
luckyme247.com/wp-admin/qawpw_v1_ghe1wmzxzc/
vandamebuilders.com/wp-admin/e2ky_18j8_wn4v/
/css/qpfv_e_y3lk0sp6i/
/wp-admin/qawpw_v1_ghe1wmzxzc/
/wp-admin/e2ky_18j8_wn4v/
/wp-admin/teqvm_n0yai_84/
/e2ky_18j8_wn4v/
/qawpw_v1_ghe1wmzxzc/
/qpfv_e_y3lk0sp6i/
/teqvm_n0yai_84/

# Reference: https://twitter.com/Cryptolaemus1/status/1590745828167421953

akarweb.net/cgi-bin/CL13tGXI/
asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
bdbg.es/css/DDm7o71vWtTs/
bencevendeghaz.hu/2zjoi/cwfKJOzA/ blacktequila.com.br/2fb62HWWoKi5nfEq2D/XB5VOAXZkhVhSKveYUV/ bosny.com/aspnet_client/R50QIOGjmvVlr/ bwsengineering.co.za/configSHV/ot3TehH82zNjjRPuFKH/ bytesendesign.nl/cgi-bin/LolX/ case.co.il/_js/dooigYa/ centralcnc.co.uk/wpimages/XdfFc/ cesasin.com.ar/administrator/viA95RR/ charmingsoftech.com/AMMAN/bUM7CGZ4NB2vAiJMPi/ choltice.eu/mwc/syl3Y/ conceptagency.net/css/b8eaKN/ cubicegg.asia/assets/hAr6tUluhw785R/ darwinistic.com/icon/564vSKxXj/ db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/ encuadernacionesartis.com/Vk2Z1Na/IZpyySkbU/ eznetb.synology.me/@eaDir/E36Y/ fixoutlet.com/logs/OGlRuU/ greenvalleyschool.com/rand_images/RCGNrvL5ZTH/ hsweixintp.com/wp-admin/NP0kMO3VgxpmpkJ/ kabaruntukrakyat.com/wp-content/CgMGJbAKsNa/ navylin.com/autopoisonous/4fZQW/ ruitaiwz.com/wp-admin/MXlp5IsUKwT1k0DtzT/ vinyz.com/cache/rqWV/ yuanliao.raluking.com/1eq5o7/gHrTM8YilZz0quKt/ /1eq5o7/gHrTM8YilZz0quKt/ /2fb62HWWoKi5nfEq2D/XB5VOAXZkhVhSKveYUV/ /2zjoi/cwfKJOzA/ /@eaDir/E36Y/ /AMMAN/bUM7CGZ4NB2vAiJMPi/ /Vk2Z1Na/IZpyySkbU/ /_js/dooigYa/ /administrator/viA95RR/ /aspnet_client/R50QIOGjmvVlr/ /assets/hAr6tUluhw785R/ /autopoisonous/4fZQW/ /cache/rqWV/ /cgi-bin/CL13tGXI/ /cgi-bin/LolX/ /configSHV/ot3TehH82zNjjRPuFKH/ /css/DDm7o71vWtTs/ /css/b8eaKN/ /icon/564vSKxXj/ /lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/ /logs/OGlRuU/ /mwc/syl3Y/ /nutabalong/bJYqoUIr99qNfoPDx/ /rand_images/RCGNrvL5ZTH/ /xilte/Uqm6Eysf3Hkjwh/ /wp-admin/MXlp5IsUKwT1k0DtzT/ /wp-admin/NP0kMO3VgxpmpkJ/ /wp-content/CgMGJbAKsNa/ /wpimages/XdfFc/ /1eq5o7/ /2fb62HWWoKi5nfEq2D/ /4fZQW/ /564vSKxXj/ /CL13tGXI/ /CgMGJbAKsNa/ /DDm7o71vWtTs/ /IZpyySkbU/ /MXlp5IsUKwT1k0DtzT/ /NP0kMO3VgxpmpkJ/ /OGlRuU/ /R50QIOGjmvVlr/ /RCGNrvL5ZTH/ /Uqm6Eysf3Hkjwh/ /XB5VOAXZkhVhSKveYUV/ /b8eaKN/ /bJYqoUIr99qNfoPDx/ /bUM7CGZ4NB2vAiJMPi/ /cwfKJOzA/ /gHrTM8YilZz0quKt/ /hAr6tUluhw785R/ /lCx76IlkrBtEsqNFA7/ /ot3TehH82zNjjRPuFKH/ /syl3Y/ /viA95RR/ /zPYJzpOnzstNOiRHob/ # Reference: 
https://twitter.com/Cryptolaemus1/status/1590972076361277440 yjlianyi.top ly.yjlianyi.top bluefishdesign.com.au/css/yCC5Rv9tiqxfBLMXcwM/ copunupo.ac.zm/cgi-bin/WFFcGx/ datie-tw.com/img/O8G0RDZj7MYCuJyPoP/ ly.yjlianyi.top/wp-admin/4cChao/ m-ainsurance.com/wp-admin/1oJ76JANHaGgWqeHl5/ manchesterot.co.uk/about-us/kka/ sbm.xinmoshiwang.com/upload/VaOfWEb3pW76UO/ wordpress.xinmoshiwang.com/list/OIovG/ /cgi-bin/WFFcGx/ /css/yCC5Rv9tiqxfBLMXcwM/ /img/O8G0RDZj7MYCuJyPoP/ /list/OIovG/ /upload/VaOfWEb3pW76UO/ /wp-admin/1oJ76JANHaGgWqeHl5/ /wp-admin/4cChao/ /1oJ76JANHaGgWqeHl5/ /O8G0RDZj7MYCuJyPoP/ /VaOfWEb3pW76UO/ /yCC5Rv9tiqxfBLMXcwM/ # Reference: https://twitter.com/Cryptolaemus1/status/1590985389707493379 fullwiz.com.br/erros/Wu9S9gAd/ gla.ge/old_opera/drrGxxFy1osfV2/ primefind.com/my_pictures/VjT203NcgE/ swork.pl/de/8fj4XT/ /erros/Wu9S9gAd/ /my_pictures/VjT203NcgE/ /old_opera/drrGxxFy1osfV2/ /drrGxxFy1osfV2/ /VjT203NcgE/ /Wu9S9gAd/ # Reference: https://twitter.com/Cryptolaemus1/status/1591132242532655105 d4842.cp.irishdomains.com/issa/images/kbwwxkgV1akI2jW8ZKs/ dominionai.org/TI55pT5PYd/VPHWTnzQe/ drpektas.com/vendor/wY8q9ZEbe9UOdpET/ erkaradyator.com.tr/Areas/Ar2lgC3yhtxBY/ etelefon.ro/docs/csv_import/Njpcdo0xA8qV5Qik/ focusmedica.in/CG4YYrfcFISmm7Q94/ forgione.com.ar/genealogia/dRBVyl/ fromthetrenchesworldreport.com/analytics/ZY5ntk/ globallaborsupply.com/wp-admin/eaeUuTop/ rud-tech.5v.pl/download/pl5/ weathermaps.ir/maps/A8srcXuPMyk6EAbW3/ web.ferno.sk/wp-content/pWLdtgNRJjGIs4V/ /Areas/Ar2lgC3yhtxBY/ /TI55pT5PYd/VPHWTnzQe/ /analytics/ZY5ntk/ /download/pl5/ /genealogia/dRBVyl/ /maps/A8srcXuPMyk6EAbW3/ /vendor/wY8q9ZEbe9UOdpET/ /wp-admin/eaeUuTop/ /wp-content/pWLdtgNRJjGIs4V/ /A8srcXuPMyk6EAbW3/ /Ar2lgC3yhtxBY/ /CG4YYrfcFISmm7Q94/ /dRBVyl/ /eaeUuTop/ /Njpcdo0xA8qV5Qik/ /pWLdtgNRJjGIs4V/ /VPHWTnzQe/ /wY8q9ZEbe9UOdpET/ /ZY5ntk/ # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-11-11%20Emotet%20(E4)%20IOCs 153.92.5.27:8080 173.255.211.88:443 
202.129.205.3:8080 45.63.99.23:7080 # Reference: https://twitter.com/malwrhunterteam/status/1591413286112792576 # Reference: https://www.virustotal.com/gui/file/0864a393aaf556db7fb7ed793627e8a8213d5089f606e56d78d07176e7edf2dc/detection # Reference: https://www.virustotal.com/gui/file/201f433e98034b3720f7dc0da5670f60d6c278c57136154c17a554c363c92405/detection doithuongclubb.com gamedoithuong69.com gamedoithuongvip.com gametoping.win playgo88.online wijsneusmedia.nl # Reference: https://www.virustotal.com/gui/file/0075e51fb7ef62062cb1d9b626838bf08c57b0f9c8e3255abd2ad93790a7a644/detection homanjalitimes.com/umo88/oc3w/ rilaitsolutions.com/wp-includes/fp74z/ sahastrajeet.com/cgisimple/vv/ # Reference: https://www.intrinsec.com/emotet-returns-and-deploys-loaders/ # Reference: https://otx.alienvault.com/pulse/63bd3356c377f34be5a490f2 # Reference: https://raw.githubusercontent.com/Intrinsec/IOCs/main/Emotet/INTRINSEC_MLW_EMOTET_IOCs_09_01_2023.csv http://115.178.55.22 128.199.242.164:8080 139.59.80.108:8080 160.16.143.191:8080 172.105.115.71:8080 186.250.48.5:443 188.165.79.151:443 190.145.8.4:443 218.38.121.17:443 46.101.98.60:8080 82.98.180.154:7080 83.229.80.93:8080 # Reference: https://www.virustotal.com/gui/file/070ff04b9114219b723258f78497332f09f7cc6cd3775f2d7b66eb6920da8c89/detection ourproductreview.in/pokjbg746ihrtr/a1kzwc/ ta-behesht.ir/images/Provx00a/ tatcogroup.ir/wp-admin/UC/ tcpartner.ru/wp-includes/nr8/ tepcian.utcc.ac.th/wp-admin/SquR/ /images/Provx00a/ /pokjbg746ihrtr/a1kzwc/ /a1kzwc/ /pokjbg746ihrtr/ /Provx00a/ # Reference: https://www.virustotal.com/gui/file/02be4df68e31c4b3e1357d80caa4f107b113888ff35908ef3d8c4eaa057731b5/detection http://75.80.124.4 luzzeri.com/wp-includes/T1mrkC/ webhostingsrilanka.info # Reference: https://www.virustotal.com/gui/file/66cf65178099c0dc02f51ffb7f4f3f2fe6e6b9f216d855172eeed318023b3308/detection getbestprize.life c201122.getbestprize.life helionspharmaceutical.com/wp-admin/WplVDxeji/ iowawebhosting.com/cgi-bin/8li/ 
maksi.feb.unib.ac.id/wp-admin/qFFKjLkYnc/ srno.hu/sys-cache/AesH/ /wp-admin/qFFKjLkYnc/ /wp-admin/WplVDxeji/ /qFFKjLkYnc/ /WplVDxeji/ # Reference: https://www.virustotal.com/gui/file/39cc9447421a8745f3485154ea4a5e4e71794c275dcb9185fac7c22d33afa273/detection top-grandwinners.life global.getbestprize.life # Reference: https://www.virustotal.com/gui/file/064d298cbc041ac02844183e54bec071ef76d72b827491b6035c06687c8f13db/detection http://103.75.201.2 http://159.89.202.34 http://182.162.143.56 http://213.239.212.5 # Reference: https://www.virustotal.com/gui/file/1a804ffd462ba27419978f1b8447ee4c49866c93d98bbdb14eab2e014a0b6e75/detection http://70.184.69.146 51.77.113.100:7080 # Reference: https://blogs.blackberry.com/en/2023/01/emotet-returns-with-new-methods-of-evasion audioselec.com/about/dDw5ggtyMojggTqhc/ geringer-muehle.de/wp-admin/G/ intolove.co.uk/wp-admin/FbGhiWtrEzrQ/ isc.net.ua/themes/3rU/ blacksebo.de/sharedassets/fA/ bikkviz.com/wp-admin/NyT44HkVg/ chist.com/dir-/HH/ coadymarine.com/Admin/ekamS7WWDkLwS44q/ /Admin/ekamS7WWDkLwS44q/ /about/dDw5ggtyMojggTqhc/ /wp-admin/FbGhiWtrEzrQ/ /wp-admin/NyT44HkVg/ /dDw5ggtyMojggTqhc/ /ekamS7WWDkLwS44q/ /FbGhiWtrEzrQ/ /NyT44HkVg/ # Reference: https://www.virustotal.com/gui/file/009cfb34ebf7b1745ca434d32be7ccb9fd754ffe413d99ccc1a4dc4c815e7d5c/detection http://134.249.116.78 7continents7lawns.com/huWJYej 7naturalessences.com/iX marqets.ru/tlyJ # Reference: https://twitter.com/TrackerC2Bot/status/1602328555412766721 http://168.197.250.14 http://186.250.48.5 http://191.252.103.16 /v1/uploads/87DtpAEZULSccOn/ # Reference: https://twitter.com/TrackerC2Bot/status/1604273438520184832 123.253.35.251:443 23.236.181.126:443 66.85.173.3:443 # Reference: https://twitter.com/TrackerC2Bot/status/1604453359016108032 39.105.218.170:8443 # Reference: https://www.virustotal.com/gui/file/61f99c98f8617515338005a3922ec4ffbce70f4b438cc8202dc1d9dfeab5ed5b/detection locallyeshop.com/wp-admin/2AFjFhlK6/ tekhubtechnologies.com/wp-admin/sjzfhw/ 
timotheus.ua/wp-content/zyul/ /wp-admin/2AFjFhlK6/ /wp-admin/sjzfhw/ /wp-content/zyul/ # Reference: https://www.virustotal.com/gui/file/04c40043a6f85ced583227c163faec46ab1ea268357293dea65e35744895955c/detection http://174.106.122.139 crazyboxs.com/cgi-bin/IaJ/ fakeread.com/OneSignal-Web-SDK-HTTPS-Integration-Files/Wf/ firhajshoes.com/wp-admin/RgaiT/ nuhatoys.com/wp-admin/WWA4R/ rttutoring.com/wp-includes/LlbY6o/ /a9pTaxUAtg313Ls/GHiLdf/ /CjoICCByZ/tJJngey8pUZ8tp/ /UHEQLNGath4ZFWZCIf4/BHJdNDN3wlbq/ /a9pTaxUAtg313Ls/GHiLdf/ /BHJdNDN3wlbq/ /CjoICCByZ/ /GHiLdf/ /UHEQLNGath4ZFWZCIf4/ /a9pTaxUAtg313Ls/ /tJJngey8pUZ8tp/ # Reference: https://twitter.com/TrackerC2Bot/status/1616148494141489177 5.189.160.61:443 # Reference: https://twitter.com/TrackerC2Bot/status/1616233405175193600 krrkrkrgsa.ink # Reference: https://twitter.com/TrackerC2Bot/status/1616406790471655427 46.101.234.246:8080 # Reference: https://twitter.com/TrackerC2Bot/status/1619850506045722626 87.118.70.45:8080 # Reference: https://twitter.com/TrackerC2Bot/status/1620665259584376832 143.0.245.169:8080 # Reference: https://www.virustotal.com/gui/file/1950115a8b99d6cd3ead86016d68f9bae9e223c4437d67bfaae3e6b9c5c9889f/detection http://195.250.143.182 # Reference: https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_07.03.2023.txt http://139.219.4.166 66.228.32.31:7080 91.121.146.47:8080 midcoastsupplies.com.au/configNQS/Es2oE4GEH7fbZ/ mtp.evotek.vn/wp-content/L/ 189dom.com/xue80/C0aJr5tfI5Pvi8m/ esentai-gourmet.kz/404/EDt0f/ snaptikt.com/wp-includes/aM4Cz6wp2K4sfQ/ diasgallery.com/about/R/ /configNQS/Es2oE4GEH7fbZ/ /wp-includes/aM4Cz6wp2K4sfQ/ /wp-includes/XXrRaJtiutdHn7N13/ /xue80/C0aJr5tfI5Pvi8m/ /aM4Cz6wp2K4sfQ/ /C0aJr5tfI5Pvi8m/ /Es2oE4GEH7fbZ/ /XXrRaJtiutdHn7N13/ # Reference: https://twitter.com/Max_Mal_/status/1633201027146043392 # Reference: https://twitter.com/Max_Mal_/status/1633201794607116289 186.194.240.217:7080 # Reference: https://twitter.com/Max_Mal_/status/1633202578384117762 
104.248.155.133:443 146.59.151.50:443 167.172.248.70:8080 187.63.160.88:443 # Reference: https://twitter.com/Cryptolaemus1/status/1633439356974161920 http://106.54.169.77 3313v.com/ki7xh/QpSQfw9CPTFtNs4/ acfs-brisbane.org.au/ARCHIVE/Cen7LJ4iXlpWfb0/ ali.faqun.cn/8uhjvgd/nhAOl4DRmdOKz/ baumart.lv/wp-admin/S8jHW33QU77gLz/ besthome.kz/docs/xtbWXvPtI0qQM/ beyond.psiloveyou.co.za/dR05Bvq90dvlsVBzn/ blog.perio.com.tr/wp-admin/Boo3JTROHh7/ diagnostic.net/news/5P/ dnautik.com/wp-includes/UmAJjAP/ lisaerp.com/ncsA/g7zWosP/ ly.bi3x.org/magazini/pWKy5V5/ melkovsky.com/advice/ZRSaP7QA5yTv1fZs/ moiki.online/speedsale/XJdpbjT/ ns1.koleso.tc/b512c9bf0b/RnLGmaMVRRbyeY3nZb/ radiomarket.shop/catalog_def/6DZvRQnbYvOhjQfMnU/ tatianka.com/pub/WJPrHm5OtTt/ xinyuhuang.com/images/48onjwxGImMdiUx/ /8uhjvgd/nhAOl4DRmdOKz/ /advice/ZRSaP7QA5yTv1fZs/ /ARCHIVE/Cen7LJ4iXlpWfb0/ /b512c9bf0b/RnLGmaMVRRbyeY3nZb/ /catalog_def/6DZvRQnbYvOhjQfMnU/ /images/48onjwxGImMdiUx/ /ki7xh/QpSQfw9CPTFtNs4/ /pub/WJPrHm5OtTt/ /speedsale/XJdpbjT/ /wp-admin/Boo3JTROHh7/ /wp-admin/S8jHW33QU77gLz/ /48onjwxGImMdiUx/ /6DZvRQnbYvOhjQfMnU/ /Boo3JTROHh7/ /Cen7LJ4iXlpWfb0/ /dR05Bvq90dvlsVBzn/ /nhAOl4DRmdOKz/ /RnLGmaMVRRbyeY3nZb/ /S8jHW33QU77gLz/ /WJPrHm5OtTt/ /XJdpbjT/ /ZRSaP7QA5yTv1fZs/ # Reference: https://twitter.com/Cryptolaemus1/status/1633624755306655744 # Reference: https://urlhaus.abuse.ch/browse.php?search=tag%3Aemotet /ARCHIVE/Cen7LJ4iXlpWfb0/ /BfumrDFaSvt/ /Cen7LJ4iXlpWfb0/ /Es2oE4GEH7fbZ/ /GNN9Fh9PyTtem3QjNJ/ /XXrRaJtiutdHn7N13/ /aM4Cz6wp2K4sfQ/ /about-us/BfumrDFaSvt/ /about-us/GNN9Fh9PyTtem3QjNJ/ /about-us/dKRRwATC1r1pz/ /aisjudrqltljeax/ /arsxtaqmruuplpum/ /configNQS/ /configNQS/Es2oE4GEH7fbZ/ /configNQS/mh7qtrxo/ /dKRRwATC1r1pz/ /jwthxfret/ /lpyrpszqkwnl/ /rbxfldxgrsfbf/ /rbxfldxgrsfbf/jujecq/arsxtaqmruuplpum/aisjudrqltljeax/ /t1oHZ1s5IYO0JE/ /vrdmtoakonzv/ /vrdmtoakonzv/lpyrpszqkwnl/ /vrdmtoakonzv/lpyrpszqkwnl/yxwfl/ /vrdmtoakonzv/lpyrpszqkwnl/yxwfl/xrqsvqy/ /wp-content/yxQWf/ /wp-includes/XXrRaJtiutdHn7N13/ 
/wp-includes/aM4Cz6wp2K4sfQ/ /wp-includes/t1oHZ1s5IYO0JE/ /ymnpwdwpx/sospyzw/ /wp-content/yxQWf/ /xGNYf1YCZ0ZF/ 189dom.com/xue80/C0aJr5tfI5Pvi8m/ 1it.fit/site_vp/uv4LLIIDH/ 3313v.com/ki7xh/QpSQfw9CPTFtNs4/ acfs-brisbane.org.au/ARCHIVE/Cen7LJ4iXlpWfb0/ acfs-brisbane.org.au/ARCHIVE/dTVHslBcIgEB/ ahinft.com/wp-admin/NQWo5B8ww21EBAW/ aim-time.com/bitrix/AN/ ali.faqun.cn/8uhjvgd/nhAOl4DRmdOKz/ alwaysonq.com/web_map/UkwFMlO/ annefront.com/hproxy.php/eln-images/gANlH/ arlex.su/services/WSxJ50NpOv7W/ as-auto.su/eshop_app/HH2j9SH/ baumart.lv/wp-admin/S8jHW33QU77gLz/ benconry.com/wp-includes/t1oHZ1s5IYO0JE/ besthome.kz/docs/xtbWXvPtI0qQM/ beyond.psiloveyou.co.za/dR05Bvq90dvlsVBzn/ blog.perio.com.tr/wp-admin/Boo3JTROHh7/ blute.com/3Dtech/jLu8IAnnj3gK9Wc/ bonita.pro/services/6njgHqkwYuu/ bugry.rent/2dec45dbc6/Elg6rjXOOxX/ chefshop.kz/bitrix/i7TCSWqoZ93MWdb/ counteract.com.br/wp-admin/WWcACJFy3Yn/ ctel.com.my/images/EaFVQUOOY6/ diagnostic.net/news/5P/ diasgallery.com/about/R/ dnautik.com/wp-includes/UmAJjAP/ do4aopt.com/email_layout/nFYBKBmLJQxGnQRuG4/ eco-fly.ru/news/u/ esentai-gourmet.kz/404/EDt0f/ etelefon.ro/docs/csv_import/Njpcdo0xA8qV5Qik/ fitnessfood.cafe/contacts/UuSmz4JpSUhTV8vQ7uh/ garrett.kz/faq/OneqxLnCFRgtiOXoo/ heyharryworldwide.com/cgi-bin/Jms7gw/ igryshka.com/about/TV/ ingramjapan.com/h9XwHYQu/ italdizain.az/brands/KtvqNy/ johnstewartstudies.org/clL1rQdzP1XCeJa5O3Z/ kakadu.by/news/7h1iV2qbu/ kanzler-style.com/images/TKzFbbTT/ kgsn.su/wp-includes/i65VIMRf/ kniharnia.by/tags/HDchr6YySVkmHh58R62P/ kroner.pro/wp-includes/wzYUuHY2h/ lisaerp.com/ncsA/g7zWosP/ ly.bi3x.org/magazini/pWKy5V5/ mama-mia.su/images/HNh3uWHxHCdqwQvBj/ manchesterot.co.uk/about-us/BfumrDFaSvt/ manchesterot.co.uk/about-us/GNN9Fh9PyTtem3QjNJ/ manchesterot.co.uk/about-us/dKRRwATC1r1pz/ maxidom.su/ufabon/1ucxMrl5AiGKl1yy/ mealux.by/personal/i2l4DLYTQAhh1ZuQof/ melkovsky.com/advice/ZRSaP7QA5yTv1fZs/ mi-shop.fi/store/U3XHjnJfGV/ midcoastsupplies.com.au/configNQS/Es2oE4GEH7fbZ/ 
midcoastsupplies.com.au/configNQS/JumpF0x/ midcoastsupplies.com.au/configNQS/mh7qtrxo/ midcoastsupplies.com.au/configNQS/rGgpv/ modern-city.by/bitrix/Bov/ moiki.online/speedsale/XJdpbjT/ mooremakeup.com/galleries/kenburns/ mtp.evotek.vn/wp-content/L/ mtp.evotek.vn/wp-content/L/?214340 myhisense.com/shops/gWXDiJ5a/ news.coin.su/personal/OzsyCyDFCfANBPNvH/ ns1.koleso.tc/b512c9bf0b/RnLGmaMVRRbyeY3nZb/ parnas.rent/ebcc974e24/AGN/ procraft.com/wp-content/R4Bkr8bQSo/ radiomarket.shop/catalog_def/6DZvRQnbYvOhjQfMnU/ res-energo.pro/search/fy3PEbeq2TmZrcuJwlV/ rodnye.by/forum/W17y2TUxK/ rref.su/uchastniki/aO44/ schaublorenz.su/auth/8B4JqBrKAGX/ snaptikt.com/wp-includes/aM4Cz6wp2K4sfQ/ steadyshop.pro/css/JWOmj7qE45opQah/ sto55.com/about-company/ZkYjYMFGvJo/ studyrf.com/information/wrzZ/ tatianka.com/pub/WJPrHm5OtTt/ transtekhnika.by/karta-diagnosticheskih-stanciy/fmCjk/ wandmaster.net/bitrix/FLx/ web.ferno.sk/wp-content/pWLdtgNRJjGIs4V/ xinyuhuang.com/images/48onjwxGImMdiUx/ xyktza.nbxyk.net/addons/cy163_customerservice/xGNYf1YCZ0ZF/ # Reference: https://twitter.com/Cryptolaemus1/status/1635588978543042560 4fly.su/search/NrRU1QOR77up6YK5/ abrokov.com/lang/SZnqErcEtuE/ api.660011.cc/wp-includes/b028GIRSxa4lY/ arlex.su/services/IE2h6fBsQRQOhHBI691U/ bbvoyage.com/useragreement/wT3Xx3Yg4SF3Oou/ dnautik.com/wp-includes/2KIUhNvW5/ garrett.kz/faq/B0faEHvS9msSo9xbVe/ mealux.by/pab4/wxuGxcqF85M/ res-energo.pro/search/ZTyxuAVvotJXUv/ rref.su/uchastniki/rNNdVArBjNc100n3p/ tnsukbi.ac.th/assets/aNjY9A7LhUg/ xn----7sbfecm2ak0azy.xn--p1ai/examples1/8V2sHugKijs/ xn--j1aadhdbbpr7hb.xn--p1ai/answer/xLtp8Rcegl15zK8B03m/ /answer/xLtp8Rcegl15zK8B03m/ /assets/aNjY9A7LhUg/ /examples1/8V2sHugKijs/ /faq/B0faEHvS9msSo9xbVe/ /lang/SZnqErcEtuE/ /pab4/wxuGxcqF85M/ /search/NrRU1QOR77up6YK5/ /search/ZTyxuAVvotJXUv/ /services/IE2h6fBsQRQOhHBI691U/ /uchastniki/rNNdVArBjNc100n3p/ /useragreement/wT3Xx3Yg4SF3Oou/ /wp-includes/2KIUhNvW5/ /wp-includes/b028GIRSxa4lY/ /2KIUhNvW5/ /8V2sHugKijs/ /B0faEHvS9msSo9xbVe/ 
/IE2h6fBsQRQOhHBI691U/ /NrRU1QOR77up6YK5/ /SZnqErcEtuE/ /ZTyxuAVvotJXUv/ /aNjY9A7LhUg/ /b028GIRSxa4lY/ /rNNdVArBjNc100n3p/ /wT3Xx3Yg4SF3Oou/ /wxuGxcqF85M/ /xLtp8Rcegl15zK8B03m/ # Reference: https://twitter.com/TrackerC2Bot/status/1635612477961519113 138.197.14.67:8080 159.65.135.222:7080 37.59.103.148:8080 93.84.115.205:7080 # Reference: https://twitter.com/Cryptolaemus1/status/1635666020294864899 29sbt.ru/lib/rl2xse0Do/ esentai-gourmet.kz/404/OcM99/ galib.su/blog/nElZbztT4rt/ melkovsky.com/advice/RPYJodQA0SLI102AwI/ test.xn--80adgd0afxokeh1b6di7c.xn--p1ai/bitrix/odLWfvAJXzXgVYGHNy/ ubik-shop.ru/wp-content/I9Quw1q1uI/ /404/OcM99/ /advice/RPYJodQA0SLI102AwI/ /bitrix/odLWfvAJXzXgVYGHNy/ /blog/nElZbztT4rt/ /lib/rl2xse0Do/ /wp-content/I9Quw1q1uI/ /I9Quw1q1uI/ /nElZbztT4rt/ /odLWfvAJXzXgVYGHNy/ /rl2xse0Do/ /RPYJodQA0SLI102AwI/ # Reference: https://twitter.com/tosscoinwitcher/status/1635748891831447552 193.194.92.175:443 # Reference: https://twitter.com/Cryptolaemus1/status/1636143375463112706 # Reference: https://twitter.com/Max_Mal_/status/1636142022686826500 ozmeydan.com/cekici/9/ softwareulike.com/cWIYxWMPkK/ wrappixels.com/wp-admin/GdIA2oOQEiO5G/ malli.su/img/PXN5J/ kts.group/35ccbf2003/jKgk8/ olgaperezporro.com/js/ExGBiCZdkkw0GBAuHNZ/ 4fly.su/search/OfGA/ staging-demo.com/public_html/wTG/ semedacara.com.br/ava/ahhz/ hypernite.5v.pl/vendor/hvlVMsI9jGafBBTa/ polarkh-crewing.com/aboutus/EUzMzX7yXpP/ efirma.sglwebs.com/img/2mmLuv7SxhhYFRVn/ uk-eurodom.com/bitrix/9HrzPY66D1F/ 1it.fit/site_vp/4PwK3s6Bf9K7TEA/ thailandcan.org/assets/ulRa/ /35ccbf2003/jKgk8/ /aboutus/EUzMzX7yXpP/ /bitrix/9HrzPY66D1F/ /img/2mmLuv7SxhhYFRVn/ /img/PXN5J/ /js/ExGBiCZdkkw0GBAuHNZ/ /site_vp/4PwK3s6Bf9K7TEA/ /vendor/hvlVMsI9jGafBBTa/ /wp-admin/GdIA2oOQEiO5G/ /2mmLuv7SxhhYFRVn/ /4PwK3s6Bf9K7TEA/ /9HrzPY66D1F/ /cWIYxWMPkK/ /EUzMzX7yXpP/ /GdIA2oOQEiO5G/ /ExGBiCZdkkw0GBAuHNZ/ /hvlVMsI9jGafBBTa/ # Reference: https://twitter.com/Cryptolaemus1/status/1636301071038693376 
7gallery.com/Tempur/vowpsy6ObSB7UMui/
bosny.com/aspnet_client/LRYvI7/
dcdestudio.com.ar/dcd/71ycoQSy/
erkaradyator.com.tr/Areas/My5PdKnB/
li-sa.jp/_phpMyAdmin/IWxxPYWM8AI53xYqO4/
sipo.ru/images/UIbyj3q8881cJ/
snoek-landmeten.nl/Wordpress/Oh4CQgV/
walkiria.5v.pl/wp-includes/ZWHV38j/
webthaihosting.com/cgi-bin/wnDNU/
/_phpMyAdmin/IWxxPYWM8AI53xYqO4/
/Areas/My5PdKnB/
/aspnet_client/LRYvI7/
/cgi-bin/wnDNU/
/dcd/71ycoQSy/
/images/UIbyj3q8881cJ/
/Tempur/vowpsy6ObSB7UMui/
/Wordpress/Oh4CQgV/
/wp-includes/ZWHV38j/
/IWxxPYWM8AI53xYqO4/
/My5PdKnB/
/UIbyj3q8881cJ/
/vowpsy6ObSB7UMui/
/ZWHV38j/

# Reference: https://twitter.com/Cryptolaemus1/status/1636469133457133568

gdcgroup.vn/wp-admin/XhSB9nYvO/
greenisco.com/scripts/lrXyEqX/
hairmaxsoftware.com/software/qKMFckuq1Uc/
hocvienchuyengia.vn/wp-admin/ayWvTKf3xoJuNcScGZ/
inbradio.com.br/img/8LuwoBtet/
iqb.qmi.mybluehost.me/jkxhappyfoods/7gEbRYeVwC/
lorem.com.sa/web/jPZUho/
mequitecmantenimiento.es/prueba/xkmGAUuNxSZVuYv7cPw/
neondashgds.7m.pl/tools/2Q2R9WKj/
/img/8LuwoBtet/
/jkxhappyfoods/7gEbRYeVwC/
/prueba/xkmGAUuNxSZVuYv7cPw/
/scripts/lrXyEqX/
/software/qKMFckuq1Uc/
/tools/2Q2R9WKj/
/web/jPZUho/
/wp-admin/ayWvTKf3xoJuNcScGZ/
/wp-admin/XhSB9nYvO/
/2Q2R9WKj/
/7gEbRYeVwC/
/8LuwoBtet/
/ayWvTKf3xoJuNcScGZ/
/jPZUho/
/lrXyEqX/
/qKMFckuq1Uc/
/XhSB9nYvO/
/xkmGAUuNxSZVuYv7cPw/

# Reference: https://twitter.com/TrackerC2Bot/status/1636520678663888897
# Reference: https://www.virustotal.com/gui/file/af9f8a5c3e4edb4798c25b6fe3e41eeba5d4a41782dbf81a7ba5b3a93652a02a/detection

# NOTE(review): 127.134.33.29 below lies inside 127.0.0.0/8 (loopback), which is
# never routed off-host, so it cannot identify a remote endpoint. It looks like
# an artifact of the source report; confirm against the references above before
# keeping it as a trail.
# NOTE(review): several entries in this group pair an address with a high,
# non-service port (e.g. :30925, :52365), unlike the 443/7080/8080 ports used
# elsewhere in this file. Presumably recorded connection noise rather than
# configured ports; verify against the references before alerting on them.
103.63.109.9:8080
116.169.139.153:30925
127.134.33.29:30215
128.199.24.148:8080
165.22.230.183:7080
18.65.14.42:52365
189.189.56.216:443
198.199.65.189:8080
23.35.224.105:44580
34.243.139.245:16189
49.119.92.166:20085
72.76.183.248:14131
76.130.129.215:1839
76.81.156.49:37889
88.66.241.6:40160
94.194.151.96:15027

# Reference: https://twitter.com/Cryptolaemus1/status/1636661039378083841

3wd33.fr/payment_form_test/trxV9376/
alt-afrique.com/wp-admin/6zqh/
darbazi.org.ge/language/E5Zr4JruIyd/ elvalledetarrazu.com/cgi-bin/rpOzK/ filmeseserieshd.6te.net/wp-content/krh78UNJw5fly1mdknC/ florylatigo.org/global-track.fedex/zQuqREBt/ fox5.timiastko.pl/wordpress/aBtdhRPCXRl/ group1com.com/wp-includes/rsEA0Leso3L3DT/ lavillarougemassage.fr/old/QnQxEjzqGQ5z25wcCpJ/ /cgi-bin/rpOzK/ /global-track.fedex/zQuqREBt/ /language/E5Zr4JruIyd/ /old/QnQxEjzqGQ5z25wcCpJ/ /payment_form_test/trxV9376/ /wp-includes/rsEA0Leso3L3DT/ /wordpress/aBtdhRPCXRl/ /wp-content/krh78UNJw5fly1mdknC/ /aBtdhRPCXRl/ /krh78UNJw5fly1mdknC/ /QnQxEjzqGQ5z25wcCpJ/ /rsEA0Leso3L3DT/ /trxV9376/ /zQuqREBt/ # Reference: https://twitter.com/Cryptolaemus1/status/1636758914493718528 applink.gr/wp-admin/pWxO42PQrVL0ja5LTfhy/ aristonbentre.com/slideshow/O1uPzXd2YscA/ asakitreks.com/uploads/ce8u7/ ata-sistemi.si/wp-admin/cVDQapxmtAQQq1gr3/ attatory.com/i-bmail/6AfEa8G0W8NOtUh7hqFj/ bluegdps100.7m.pl/app/Ac8wwulKxqZjc/ bvdkhuyentanyen.vn/files/TKK8yKdEvyYAbBE5avb/ casapollux.com/Bilder/GDo3zoURY/ oopt.center/bitrix/HKD1OCEK4mWEc0/ /app/Ac8wwulKxqZjc/ /Bilder/GDo3zoURY/ /bitrix/HKD1OCEK4mWEc0/ /files/TKK8yKdEvyYAbBE5avb/ /i-bmail/6AfEa8G0W8NOtUh7hqFj/ /slideshow/O1uPzXd2YscA/ /wp-admin/cVDQapxmtAQQq1gr3/ /wp-admin/pWxO42PQrVL0ja5LTfhy/ /6AfEa8G0W8NOtUh7hqFj/ /Ac8wwulKxqZjc/ /cVDQapxmtAQQq1gr3/ /GDo3zoURY/ /HKD1OCEK4mWEc0/ /O1uPzXd2YscA/ /pWxO42PQrVL0ja5LTfhy/ /TKK8yKdEvyYAbBE5avb/ # Reference: https://twitter.com/TrackerC2Bot/status/1637515140449943555 93.188.167.97:443 # Reference: https://www.malware-traffic-analysis.net/2023/03/17/index.html http://103.77.162.25 165.227.153.100:8080 165.227.211.222:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1638289594864087042 agropuno.gob.pe/wp-content/f9I32dWeuQcbpRt19mZ7/ garrett.kz/faq/iSPVXBmuu3nUma5wkdy/ gomespontes.com.br/logs/OnULNYFQXXvsnhbeWvV/ meteo.camera/11/VkU/ penshorn.org/well-known/Ff92tyFI/ sdspush.beget.tech/connectors/GDSeP6kcWtck20hVy/ sipo.ru/images/aCyHhlS8n0bXBg4BU/ /connectors/GDSeP6kcWtck20hVy/ 
/faq/iSPVXBmuu3nUma5wkdy/ /images/aCyHhlS8n0bXBg4BU/ /logs/OnULNYFQXXvsnhbeWvV/ /well-known/Ff92tyFI/ /wp-content/f9I32dWeuQcbpRt19mZ7/ /aCyHhlS8n0bXBg4BU/ /f9I32dWeuQcbpRt19mZ7/ /Ff92tyFI/ /GDSeP6kcWtck20hVy/ /iSPVXBmuu3nUma5wkdy/ # Reference: https://twitter.com/Cryptolaemus1/status/1638304590432018440 confederationciq.fr/images/8RIFr/ darbazi.org.ge/language/iyQMh/ fox5.timiastko.pl/wordpress/2zrLzAV/ gdcgroup.vn/wp-admin/0ipWMQYggLOD8Waf/ hocvienchuyengia.vn/wp-admin/5T5JbWaulO/ sachininternational.com/wp-admin/ILVDnlmIATb8/ somegdpslol.7m.pl/database/lu/ spiritualoutdooradventures.org/cgi-bin/gftJn/ suppliercity.com.mx/wp-content/x0u6wST03y6X49MOq/ techniguitare.com/forum/vjAk1CX/ /wordpress/2zrLzAV/ /wp-admin/0ipWMQYggLOD8Waf/ /wp-admin/5T5JbWaulO/ /wp-admin/ILVDnlmIATb8/ /wp-content/x0u6wST03y6X49MOq/ /0ipWMQYggLOD8Waf/ /2zrLzAV/ /5T5JbWaulO/ /ILVDnlmIATb8/ /x0u6wST03y6X49MOq/ # Reference: https://twitter.com/Max_Mal_/status/1638323170213085185 209.126.85.32:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1638692411106033666 erkaradyator.com.tr/Areas/1Dg2PeStqNlOjuPP3fu/ esentai-gourmet.kz/404/5oe050kBsHedqng/ panel.chatzy.in/k7daqAXFTBus7mkuwwC/UQ9Y8RRqoOQ9/ /404/5oe050kBsHedqng/ /Areas/1Dg2PeStqNlOjuPP3fu/ /k7daqAXFTBus7mkuwwC/UQ9Y8RRqoOQ9/ /1Dg2PeStqNlOjuPP3fu/ /5oe050kBsHedqng/ /k7daqAXFTBus7mkuwwC/ /UQ9Y8RRqoOQ9/ # Reference: https://twitter.com/Cryptolaemus1/status/1638693468154511363 ardena.pro/dqvoakrc/Hh9/ toiaagrosciences1.hospedagemdesites.ws/grupotoia/CPKU5ZE/ /dqvoakrc/Hh9/ /grupotoia/CPKU5ZE/ /CPKU5ZE/ # Reference: https://twitter.com/TrackerC2Bot/status/1649292492804595713 135.148.121.246:8080 213.190.4.223:7080 # Reference: https://twitter.com/TrackerC2Bot/status/1659711718249906177 http://181.137.229.1 http://75.188.96.231 # Reference: https://www.virustotal.com/gui/file/6d547017ddfa5576fa562f08bfd014aaba457b97d6601315edf19cf2260492f1/detection 133.130.73.156:8080 95.178.241.254:465 lalalalala.club blog.lalalalala.club 
barcaacademyistanbul.com/wp-admin/MozLqtMPp/
fpsdz.net/wp-content/KwQOMh/
kokuadiaper.com/ozcd/ld0-u7t3ym4j7h-903/
pamelambarnettcounseling.com/wp-content/nfOSEw/
/bhx/y18ta-kk6t55-2894/
/ozcd/ld0-u7t3ym4j7h-903/
/wp-admin/MozLqtMPp/
/wp-content/KwQOMh/
/wp-content/nfOSEw/

# Reference: https://www.virustotal.com/gui/file/06f9d8113b9f530661404d6051db72463edcba2fff0b446537813b4c51356b11/detection

pickuptnblog.tatamotors.com/iyc6qmm/11lz0UGDvT/
tatatrucksblog.tatamotors.com/wp-includes/ttywllmLfAdU51d5O/
wyldfyrearabians.com/cgi/1HyEagziS/
/cgi/1HyEagziS/
/iyc6qmm/11lz0UGDvT/
/wp-includes/ttywllmLfAdU51d5O/
/11lz0UGDvT/
/1HyEagziS/
/iyc6qmm/
/ttywllmLfAdU51d5O/

# Reference: https://www.virustotal.com/gui/file/0059550c553eb161519cb9f4af23e8a2224aa3ab698716966dd6aff3cc484b54/detection

http://201.213.32.59
giaodienweb.xyz

# Reference: https://www.virustotal.com/gui/file/059f8ea956f54e862c78b3bcd0dfd475b3874541f8d58f406e081602e1f9e0e9/detection

butziger.com/meettiming/hBJCeNGAvBpGZoD7ee/
csinoticias.com/wp-includes/RnHjIzg/
landorestates.com/wordpress/NELf96wr/
teamsandeep.com/wp-content/p3f2n6wc4nwfg/
rockwoodsaloon.com/wp-admin/A706GTXNufQSWXG52/
# NOTE(review): the next entry repeats the landorestates.com entry three lines
# above; a candidate for de-duplication.
landorestates.com/wordpress/NELf96wr/
/meettiming/hBJCeNGAvBpGZoD7ee/
/wp-admin/A706GTXNufQSWXG52/
/wp-content/p3f2n6wc4nwfg/
/wp-includes/RnHjIzg/
/wordpress/NELf96wr/
/A706GTXNufQSWXG52/
/hBJCeNGAvBpGZoD7ee/
/NELf96wr/
/p3f2n6wc4nwfg/
/RnHjIzg/

# Generic trails
# The entries below are URL path fragments with no host and no reference line.
# NOTE(review): several are only a few characters long under a common CMS
# directory (e.g. /wp-admin/AYO/), so they are more collision-prone than the
# host-qualified entries above. Presumably a hit is best treated as a lead to
# corroborate with host, timing or payload evidence; confirm against how the
# sensor matches path-only trails.

/ringin/
/meecpy20181/
/s_w6_h2gc/
/o_wle6_cyuobdkxwm/
/3vzc_oj94_q3v42ns4nb/
/4ots_c9x_ty/
/cx8yyu/
/ofoJX/
/vXl0kcy/
/56mt6s8/SiP/
/db9my/2yh3wsv3w8/
/dovij7lgjd/
/info/Qmy4/
/otul6pg/eyhG/
/twitter-api/a_fx/
/private/hWJAF4yBv7/
/wordpress/VKj/
/wordpress_e/xh/
/wp-admin/7mRmsM/
/wp-admin/AYO/
/wp-admin/nBJ/
/wp-content/AKgD/
/wp-content/Ds_G/
/wp-content/ehiZ/
/wp-content/o_qO/
/wp-content/ZhG/